{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","type":"deb","namespace":"debian","name":"thunderbird","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.5.0.2-1","latest_non_vulnerable_version":"1:140.10.2esr-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51404?format=json","vulnerability_id":"VCID-19r2-4svk-uydr","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4578.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4578.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4578","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28871","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28937","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28853","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28891","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2881","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29238","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29121","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2901","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35783","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35882","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35742","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35793","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35823","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3576","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.358","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35789","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4578"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236077","reference_id":"2236077","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236077"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839007","reference_id":"show_bug.cgi?id=1839007","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839007"},{"reference_url":"https://usn.ubuntu.com/6320-1/","reference_id":"USN-6320-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6320-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4578"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19r2-4svk-uydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51411?format=json","vulnerability_id":"VCID-1dkk-86db-s3ch","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5168.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5168","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4903","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49005","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49056","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49052","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48889","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48952","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48979","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48926","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48955","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48984","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49011","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48965","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49019","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49015","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49032","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5168"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240892","reference_id":"2240892","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240892"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-41","reference_id":"mfsa2023-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-41/","reference_id":"mfsa2023-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-42","reference_id":"mfsa2023-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-42/","reference_id":"mfsa2023-42","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-42/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-43","reference_id":"mfsa2023-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-43/","reference_id":"mfsa2023-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-43/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846683","reference_id":"show_bug.cgi?id=1846683","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846683"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-5168"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dkk-86db-s3ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63395?format=json","vulnerability_id":"VCID-1jvh-anus-rfeg","summary":"When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3034.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3034","reference_id":"","reference_type":"","scores":[{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43682","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43811","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43764","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43766","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43558","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43634","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43651","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43588","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43618","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.4385","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43874","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43854","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43857","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43875","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43843","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43886","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43878","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3034"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123257","reference_id":"2123257","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123257"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-38/","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:59:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-39","reference_id":"mfsa2022-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-39/","reference_id":"mfsa2022-39","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:59:36Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-39/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6708","reference_id":"RHSA-2022:6708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6710","reference_id":"RHSA-2022:6710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6713","reference_id":"RHSA-2022:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6715","reference_id":"RHSA-2022:6715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6716","reference_id":"RHSA-2022:6716","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6716"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6717","reference_id":"RHSA-2022:6717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6717"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751","reference_id":"show_bug.cgi?id=1745751","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:59:36Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1745751"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940881?format=json","purl":"pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-3034"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jvh-anus-rfeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63204?format=json","vulnerability_id":"VCID-1rj3-tt63-4yc1","summary":"Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38497.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38497","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41375","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41705","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41679","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41604","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41497","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41494","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41416","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4128","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41351","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41367","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41272","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41301","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41911","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41935","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41831","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41924","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41896","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38497"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011098","reference_id":"2011098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011098"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38497"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rj3-tt63-4yc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36136?format=json","vulnerability_id":"VCID-1z5d-4wfm-8yfk","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9396.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9396","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39146","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39539","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39589","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39475","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39183","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39056","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39124","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39141","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39051","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39073","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39597","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39513","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39567","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315954","reference_id":"2315954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315954"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202505-08","reference_id":"GLSA-202505-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-46/","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T19:12:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T19:12:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T19:12:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-50/","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T19:12:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7552","reference_id":"RHSA-2024:7552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7699","reference_id":"RHSA-2024:7699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7853","reference_id":"RHSA-2024:7853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7854","reference_id":"RHSA-2024:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7855","reference_id":"RHSA-2024:7855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7856","reference_id":"RHSA-2024:7856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8166","reference_id":"RHSA-2024:8166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8169","reference_id":"RHSA-2024:8169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8169"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1912471","reference_id":"show_bug.cgi?id=1912471","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T19:12:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1912471"},{"reference_url":"https://usn.ubuntu.com/7056-1/","reference_id":"USN-7056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7056-1/"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-9396"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1z5d-4wfm-8yfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63093?format=json","vulnerability_id":"VCID-2a5d-8cac-mkft","summary":"A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk  with .download. This could have led to accidental execution of malicious code.*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29542.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29542.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29542","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28953","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.29076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.29026","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28999","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28995","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31898","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31864","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3315","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33089","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32941","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32925","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32851","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32742","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3281","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3285","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3276","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32787","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29542"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186107","reference_id":"2186107","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186107"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-13/","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:45:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-14/","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:45:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-15/","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:45:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-15/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810793","reference_id":"show_bug.cgi?id=1810793","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:45:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810793"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1815062","reference_id":"show_bug.cgi?id=1815062","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:45:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1815062"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-29542"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2a5d-8cac-mkft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63343?format=json","vulnerability_id":"VCID-2z7p-2uj3-2qfb","summary":"If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main thread and any worker threads. *Note: users need to update to macOS 10.14.5 in order to take advantage of this change.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9815.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9815","reference_id":"","reference_type":"","scores":[{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77175","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77125","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77108","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01","scoring_system":"epss","scoring_elements":"0.7712","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7722","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77227","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77263","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77265","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77257","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77295","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7731","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77315","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77343","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77224","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77169","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77198","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77179","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9815"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712624","reference_id":"1712624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712624"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9815"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z7p-2uj3-2qfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36128?format=json","vulnerability_id":"VCID-3sjh-f264-m3g7","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8387.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8387","reference_id":"","reference_type":"","scores":[{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67751","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67773","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67771","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6776","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6774","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67746","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67759","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67735","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.6772","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67668","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67669","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00543","scoring_system":"epss","scoring_elements":"0.67688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74159","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74096","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74118","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.7408","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74103","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309433","reference_id":"2309433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309433"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009","reference_id":"buglist.cgi?bug_id=1857607%2C1911858%2C1914009","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1857607%2C1911858%2C1914009"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:41:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940984?format=json","purl":"pkg:deb/debian/thunderbird@1:128.2.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.2.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-8387"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sjh-f264-m3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51226?format=json","vulnerability_id":"VCID-4c3c-ygt3-kbg5","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which may allow execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6797.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6797","reference_id":"","reference_type":"","scores":[{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77416","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7734","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77362","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77351","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7737","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77159","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77165","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77195","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77176","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77209","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77217","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77245","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77224","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7722","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.7726","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77262","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77287","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77292","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77312","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6797"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801917","reference_id":"1801917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801917"},{"reference_url":"https://security.gentoo.org/glsa/202003-02","reference_id":"GLSA-202003-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-05","reference_id":"mfsa2020-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-06","reference_id":"mfsa2020-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-07","reference_id":"mfsa2020-07","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-6797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4c3c-ygt3-kbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62705?format=json","vulnerability_id":"VCID-4r8e-64b6-bbbu","summary":"Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4711.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4711","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06239","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06224","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06117","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06062","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06869","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06885","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07127","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07109","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0712","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4711"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450733","reference_id":"2450733","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450733"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017002","reference_id":"show_bug.cgi?id=2017002","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-25T16:25:02Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-4711"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r8e-64b6-bbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63338?format=json","vulnerability_id":"VCID-4sv2-j8zg-xkhf","summary":"When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17009.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17009","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3432","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34222","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34293","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34331","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34225","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34251","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34579","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34766","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3477","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34731","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34708","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34687","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34455","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34436","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3435","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17009"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1779433","reference_id":"1779433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1779433"},{"reference_url":"https://security.archlinux.org/ASA-201912-1","reference_id":"ASA-201912-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-1"},{"reference_url":"https://security.archlinux.org/AVG-1071","reference_id":"AVG-1071","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1071"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa2019-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17009"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sv2-j8zg-xkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62610?format=json","vulnerability_id":"VCID-4vps-3cxv-xyd5","summary":"On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5692.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5692","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54697","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54745","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54737","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54683","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5464","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54693","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54717","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54698","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54726","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54725","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54792","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61475","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61503","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61473","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61521","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61557","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61524","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5692"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291398","reference_id":"2291398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2291398"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-25","reference_id":"mfsa2024-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-25/","reference_id":"mfsa2024-25","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-26","reference_id":"mfsa2024-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-26/","reference_id":"mfsa2024-26","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-26/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-28","reference_id":"mfsa2024-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-28/","reference_id":"mfsa2024-28","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-28/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1891234","reference_id":"show_bug.cgi?id=1891234","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1891234"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-5692"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4vps-3cxv-xyd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63119?format=json","vulnerability_id":"VCID-5666-pp89-aqc2","summary":"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.*Note: this issue only affects Firefox on Windows operating systems.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12393.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12393.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12393","reference_id":"","reference_type":"","scores":[{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65265","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65187","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65209","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65051","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65077","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.6504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.6509","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.6512","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65129","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65113","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.6513","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65143","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65142","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65125","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0048","scoring_system":"epss","scoring_elements":"0.65172","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12393"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831946","reference_id":"1831946","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831946"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-16","reference_id":"mfsa2020-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-17","reference_id":"mfsa2020-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-17"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-18","reference_id":"mfsa2020-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12393"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5666-pp89-aqc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63211?format=json","vulnerability_id":"VCID-5aga-y5nk-5fha","summary":"A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would processing incorrectly, leading to an out-of-bounds read.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29964.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29964","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55496","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55349","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55392","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5545","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5541","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55437","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55461","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5544","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55491","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55501","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5548","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55499","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55405","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55398","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966830","reference_id":"1966830","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966830"},{"reference_url":"https://security.archlinux.org/AVG-2019","reference_id":"AVG-2019","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2019"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23","reference_id":"mfsa2021-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24","reference_id":"mfsa2021-24","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26","reference_id":"mfsa2021-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29964"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5aga-y5nk-5fha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61818?format=json","vulnerability_id":"VCID-5c1p-6gjw-wkgx","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12391.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12391","reference_id":"","reference_type":"","scores":[{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68042","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67908","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.6795","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67991","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.6796","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67985","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67798","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67832","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67851","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67831","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67919","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67906","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67869","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67918","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.679","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.67929","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12391"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1478843","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1478843"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2018-26/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2018-26/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2018-27/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2018-27/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2018-28/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2018-28/"},{"reference_url":"http://www.securityfocus.com/bid/105718","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105718"},{"reference_url":"http://www.securityfocus.com/bid/105769","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105769"},{"reference_url":"http://www.securitytracker.com/id/1041944","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642181","reference_id":"1642181","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1642181"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12391","reference_id":"CVE-2018-12391","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12391"},{"reference_url":"https://security.gentoo.org/glsa/201811-13","reference_id":"GLSA-201811-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-26","reference_id":"mfsa2018-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-27","reference_id":"mfsa2018-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-28","reference_id":"mfsa2018-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12391"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5c1p-6gjw-wkgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62878?format=json","vulnerability_id":"VCID-5srb-q1nd-1qfh","summary":"A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. *Note: This attack only affects Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7845","reference_id":"","reference_type":"","scores":[{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73574","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.7349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73484","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73509","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73533","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73515","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73352","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73362","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73386","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73357","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73394","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73431","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.7341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73403","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73453","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73447","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73481","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73493","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7845"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1402372","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1402372"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-28/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-28/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-29/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-29/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-30/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-30/"},{"reference_url":"http://www.securityfocus.com/bid/102115","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102115"},{"reference_url":"http://www.securitytracker.com/id/1040123","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040123"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7845","reference_id":"CVE-2017-7845","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7845"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-28","reference_id":"mfsa2017-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-28"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-29","reference_id":"mfsa2017-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-30","reference_id":"mfsa2017-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2017-7845"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5srb-q1nd-1qfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63354?format=json","vulnerability_id":"VCID-5zmj-5xkc-zkgc","summary":"A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11694.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11694","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60128","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60177","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60087","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60114","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60578","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60594","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60618","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60623","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60628","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60616","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60601","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60602","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60607","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60603","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60458","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.6056","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60529","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11694"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712620","reference_id":"1712620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712620"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11694"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zmj-5xkc-zkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36130?format=json","vulnerability_id":"VCID-62zr-8w1c-bydt","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8394.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8394","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58376","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58364","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58403","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58426","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58359","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58406","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58422","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60722","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60617","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60674","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60634","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00398","scoring_system":"epss","scoring_elements":"0.60661","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60775","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8394"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310481","reference_id":"2310481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310481"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T19:38:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1895737","reference_id":"show_bug.cgi?id=1895737","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T19:38:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1895737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940984?format=json","purl":"pkg:deb/debian/thunderbird@1:128.2.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.2.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-8394"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62zr-8w1c-bydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63393?format=json","vulnerability_id":"VCID-6dgw-qbue-nqax","summary":"If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag\nhaving the http-equiv=\"refresh\" attribute, and the content attribute specifying an URL, then\nThunderbird started a network request to that URL, regardless of the configuration to block\nremote content. In combination with certain other HTML elements and attributes in the email,\nit was possible to execute JavaScript code included in the message in the context of the\nmessage compose document. \nThe JavaScript code was able to perform actions including, but probably not limited\nto, read and modify the contents of the message compose document, including the quoted\noriginal message, which could potentially contain the decrypted plaintext of encrypted data \nin the crafted email.\nThe contents could then be transmitted to the network, either to the URL specified in the META refresh tag,\nor to a different URL, as the JavaScript code could modify the URL specified in the document.\nThis bug doesn't affect users who have changed the default Message Body display setting to\n'simple html' or 'plain text'.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3033","reference_id":"","reference_type":"","scores":[{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73137","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73007","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73047","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73057","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73054","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73048","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73076","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73098","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73058","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73082","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72937","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.7295","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72989","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72969","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72962","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73004","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73014","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3033"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123256","reference_id":"2123256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123256"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-38/","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-39","reference_id":"mfsa2022-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-39/","reference_id":"mfsa2022-39","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-39/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6708","reference_id":"RHSA-2022:6708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6710","reference_id":"RHSA-2022:6710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6713","reference_id":"RHSA-2022:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6715","reference_id":"RHSA-2022:6715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6716","reference_id":"RHSA-2022:6716","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6716"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6717","reference_id":"RHSA-2022:6717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6717"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1784838","reference_id":"show_bug.cgi?id=1784838","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1784838"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940881?format=json","purl":"pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-3033"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dgw-qbue-nqax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63140?format=json","vulnerability_id":"VCID-6h7s-a74e-33c1","summary":"Mozilla developer Anne van Kesteren discovered that <iframe sandbox> with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15653.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15653","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51881","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51808","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51719","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51771","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51776","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51801","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51724","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51773","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51799","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51814","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51811","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51842","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51827","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51869","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51876","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51858","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15653"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861645","reference_id":"1861645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861645"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15653"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6h7s-a74e-33c1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51410?format=json","vulnerability_id":"VCID-6s88-vfr8-u3hj","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4585.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4585","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41078","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41107","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41115","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41096","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41113","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4104","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42204","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42329","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42242","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42098","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42173","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.4219","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42104","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42133","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236086","reference_id":"2236086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236086"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1841082%2C1847904%2C1848999","reference_id":"buglist.cgi?bug_id=1751583%2C1841082%2C1847904%2C1848999","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T19:08:38Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1841082%2C1847904%2C1848999"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T19:08:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T19:08:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T19:08:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://usn.ubuntu.com/6320-1/","reference_id":"USN-6320-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6320-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4585"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s88-vfr8-u3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51414?format=json","vulnerability_id":"VCID-6zjy-1agk-nbd9","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5174.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5174","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6359","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63458","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63466","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63452","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63482","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6345","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63494","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63547","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63512","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63539","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63397","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63459","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63476","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6346","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5174"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240895","reference_id":"2240895","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240895"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-41","reference_id":"mfsa2023-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-41"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-41/","reference_id":"mfsa2023-41","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-41/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-42","reference_id":"mfsa2023-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-42/","reference_id":"mfsa2023-42","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-42/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-43","reference_id":"mfsa2023-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-43/","reference_id":"mfsa2023-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-43/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1848454","reference_id":"show_bug.cgi?id=1848454","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1848454"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-5174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zjy-1agk-nbd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31129?format=json","vulnerability_id":"VCID-74zp-pzc4-efhm","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38495.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38495","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68088","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67998","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68039","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68007","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.68032","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67902","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67928","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67941","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67921","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67966","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67975","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6798","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67955","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38495"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002900","reference_id":"2002900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002900"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40","reference_id":"mfsa2021-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41","reference_id":"mfsa2021-41","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38495"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74zp-pzc4-efhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63006?format=json","vulnerability_id":"VCID-754j-7erb-z7ae","summary":"Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2817.json","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2817.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2817","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59462","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59303","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59326","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59291","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59341","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59374","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59378","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59359","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59337","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.593","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59348","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59406","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59364","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59391","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362902","reference_id":"2362902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362902"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-28","reference_id":"mfsa2025-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-28/","reference_id":"mfsa2025-28","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:27Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T14:20:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-29","reference_id":"mfsa2025-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-29/","reference_id":"mfsa2025-29","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T14:20:44Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-30","reference_id":"mfsa2025-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-30/","reference_id":"mfsa2025-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T14:20:44Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-31","reference_id":"mfsa2025-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-31/","reference_id":"mfsa2025-31","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T14:20:44Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-32","reference_id":"mfsa2025-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-32/","reference_id":"mfsa2025-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:27Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T14:20:44Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4443","reference_id":"RHSA-2025:4443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4458","reference_id":"RHSA-2025:4458","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4458"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4460","reference_id":"RHSA-2025:4460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4751","reference_id":"RHSA-2025:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4752","reference_id":"RHSA-2025:4752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4753","reference_id":"RHSA-2025:4753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4756","reference_id":"RHSA-2025:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4797","reference_id":"RHSA-2025:4797","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4797"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7428","reference_id":"RHSA-2025:7428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7506","reference_id":"RHSA-2025:7506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7507","reference_id":"RHSA-2025:7507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7543","reference_id":"RHSA-2025:7543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7543"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7544","reference_id":"RHSA-2025:7544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7545","reference_id":"RHSA-2025:7545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7547","reference_id":"RHSA-2025:7547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7689","reference_id":"RHSA-2025:7689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7690","reference_id":"RHSA-2025:7690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7690"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7691","reference_id":"RHSA-2025:7691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7692","reference_id":"RHSA-2025:7692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7693","reference_id":"RHSA-2025:7693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7694","reference_id":"RHSA-2025:7694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7695","reference_id":"RHSA-2025:7695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7695"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1917536","reference_id":"show_bug.cgi?id=1917536","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:27Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T14:20:44Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1917536"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-2817"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-754j-7erb-z7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63007?format=json","vulnerability_id":"VCID-7939-5qcd-tqgg","summary":"Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4082.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4082","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56358","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56335","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56431","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56382","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56413","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56418","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56406","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56359","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56383","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56316","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56338","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56319","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5642","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56419","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56387","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4082"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362903","reference_id":"2362903","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362903"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-28","reference_id":"mfsa2025-28","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-28/","reference_id":"mfsa2025-28","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-29","reference_id":"mfsa2025-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-29/","reference_id":"mfsa2025-29","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-30","reference_id":"mfsa2025-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-30/","reference_id":"mfsa2025-30","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-31","reference_id":"mfsa2025-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-31/","reference_id":"mfsa2025-31","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-32","reference_id":"mfsa2025-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-32/","reference_id":"mfsa2025-32","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:28Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-32/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1937097","reference_id":"show_bug.cgi?id=1937097","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:28Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1937097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7939-5qcd-tqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31127?format=json","vulnerability_id":"VCID-7fvy-7hpe-kbej","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38492.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38492","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61189","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61091","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61079","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61084","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61033","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61083","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61142","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61104","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61131","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.60938","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61015","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61094","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61061","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61103","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38492"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002118","reference_id":"2002118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2002118"},{"reference_url":"https://security.archlinux.org/AVG-2351","reference_id":"AVG-2351","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2351"},{"reference_url":"https://security.archlinux.org/AVG-2353","reference_id":"AVG-2353","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2353"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38","reference_id":"mfsa2021-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39","reference_id":"mfsa2021-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-39"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40","reference_id":"mfsa2021-40","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41","reference_id":"mfsa2021-41","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-41"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42","reference_id":"mfsa2021-42","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38492"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fvy-7hpe-kbej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51398?format=json","vulnerability_id":"VCID-7sbd-1n7f-ryed","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4057.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4057.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4057","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43821","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43914","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43883","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43865","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43918","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43995","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43999","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43851","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43791","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44639","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44609","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44619","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44622","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44658","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2228371","reference_id":"2228371","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2228371"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-29/","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31","reference_id":"mfsa2023-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-31/","reference_id":"mfsa2023-31","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33","reference_id":"mfsa2023-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-33/","reference_id":"mfsa2023-33","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-33/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4460","reference_id":"RHSA-2023:4460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4461","reference_id":"RHSA-2023:4461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4462","reference_id":"RHSA-2023:4462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4463","reference_id":"RHSA-2023:4463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4464","reference_id":"RHSA-2023:4464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4465","reference_id":"RHSA-2023:4465","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4468","reference_id":"RHSA-2023:4468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4469","reference_id":"RHSA-2023:4469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4492","reference_id":"RHSA-2023:4492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4493","reference_id":"RHSA-2023:4493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4494","reference_id":"RHSA-2023:4494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4495","reference_id":"RHSA-2023:4495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4496","reference_id":"RHSA-2023:4496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4497","reference_id":"RHSA-2023:4497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4499","reference_id":"RHSA-2023:4499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4500","reference_id":"RHSA-2023:4500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4500"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1841682","reference_id":"show_bug.cgi?id=1841682","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1841682"},{"reference_url":"https://usn.ubuntu.com/6267-1/","reference_id":"USN-6267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6267-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940916?format=json","purl":"pkg:deb/debian/thunderbird@1:115.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4057"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sbd-1n7f-ryed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62613?format=json","vulnerability_id":"VCID-7u5b-uzd5-7kdc","summary":"Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver.  *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11691.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11691","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37005","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37063","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37078","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37069","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37056","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37143","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37175","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44397","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44268","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44392","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44472","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44469","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44555","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44625","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44363","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44346","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44327","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44297","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11691"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328940","reference_id":"2328940","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328940"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-63","reference_id":"mfsa2024-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-63"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-63/","reference_id":"mfsa2024-63","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-64","reference_id":"mfsa2024-64","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-64"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-64/","reference_id":"mfsa2024-64","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-64/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-65","reference_id":"mfsa2024-65","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-65"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-65/","reference_id":"mfsa2024-65","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-65/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-67","reference_id":"mfsa2024-67","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-67"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-67/","reference_id":"mfsa2024-67","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-68","reference_id":"mfsa2024-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-68"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-68/","reference_id":"mfsa2024-68","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-68/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-70","reference_id":"mfsa2024-70","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-70"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-70/","reference_id":"mfsa2024-70","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-70/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1914707","reference_id":"show_bug.cgi?id=1914707","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1914707"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924184","reference_id":"show_bug.cgi?id=1924184","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-30T04:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1924184"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-11691"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u5b-uzd5-7kdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/353256?format=json","vulnerability_id":"VCID-7xh6-s1h4-dbhw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6759.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6759","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14415","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14389","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19218","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19079","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19114","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.18934","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1905","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19016","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-6759"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460094","reference_id":"2460094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460094"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-30/","reference_id":"mfsa2026-30","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-32/","reference_id":"mfsa2026-32","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-33/","reference_id":"mfsa2026-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-34/","reference_id":"mfsa2026-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-34/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10757","reference_id":"RHSA-2026:10757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10766","reference_id":"RHSA-2026:10766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10767","reference_id":"RHSA-2026:10767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12285","reference_id":"RHSA-2026:12285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13537","reference_id":"RHSA-2026:13537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15892","reference_id":"RHSA-2026:15892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17477","reference_id":"RHSA-2026:17477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17687","reference_id":"RHSA-2026:17687","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17688","reference_id":"RHSA-2026:17688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17689","reference_id":"RHSA-2026:17689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17690","reference_id":"RHSA-2026:17690","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17690"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016164","reference_id":"show_bug.cgi?id=2016164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T15:06:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2016164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-6759"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xh6-s1h4-dbhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63334?format=json","vulnerability_id":"VCID-8cv4-kvfj-4uek","summary":"Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort that it could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11758.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11758","reference_id":"","reference_type":"","scores":[{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74514","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.7486","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74998","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74971","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74989","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74817","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74819","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74847","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74853","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.7487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74904","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74895","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74931","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74938","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74941","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74948","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74974","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764439","reference_id":"1764439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764439"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33","reference_id":"mfsa2019-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35","reference_id":"mfsa2019-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3193","reference_id":"RHSA-2019:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3196","reference_id":"RHSA-2019:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3210","reference_id":"RHSA-2019:3210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3237","reference_id":"RHSA-2019:3237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3281","reference_id":"RHSA-2019:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3756","reference_id":"RHSA-2019:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3756"},{"reference_url":"https://usn.ubuntu.com/4202-1/","reference_id":"USN-4202-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4202-1/"},{"reference_url":"https://usn.ubuntu.com/4335-1/","reference_id":"USN-4335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11758"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cv4-kvfj-4uek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63346?format=json","vulnerability_id":"VCID-8hgj-7cb6-fbbp","summary":"A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9818.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9818","reference_id":"","reference_type":"","scores":[{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56547","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56583","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56498","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56522","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57012","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57009","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57007","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56917","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56919","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56873","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56918","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57004","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56962","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56983","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56959","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9818"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712627","reference_id":"1712627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1712627"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9818"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hgj-7cb6-fbbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33668?format=json","vulnerability_id":"VCID-8kgq-qhy6-e3c2","summary":"Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38476.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38476","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40346","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40429","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40404","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40423","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.4043","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40379","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40144","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40077","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41791","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41565","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41656","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41639","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4157","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4171","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41798","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2120678","reference_id":"2120678","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2120678"},{"reference_url":"https://security.gentoo.org/glsa/202208-37","reference_id":"GLSA-202208-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-37"},{"reference_url":"https://security.gentoo.org/glsa/202208-38","reference_id":"GLSA-202208-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-34","reference_id":"mfsa2022-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-34/","reference_id":"mfsa2022-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:23:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-36","reference_id":"mfsa2022-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-36/","reference_id":"mfsa2022-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:23:43Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-36/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6164","reference_id":"RHSA-2022:6164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6165","reference_id":"RHSA-2022:6165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6166","reference_id":"RHSA-2022:6166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6167","reference_id":"RHSA-2022:6167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6168","reference_id":"RHSA-2022:6168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6169","reference_id":"RHSA-2022:6169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6174","reference_id":"RHSA-2022:6174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6175","reference_id":"RHSA-2022:6175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6176","reference_id":"RHSA-2022:6176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6177","reference_id":"RHSA-2022:6177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6178","reference_id":"RHSA-2022:6178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6179","reference_id":"RHSA-2022:6179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6179"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1760998","reference_id":"show_bug.cgi?id=1760998","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:23:43Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1760998"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940885?format=json","purl":"pkg:deb/debian/thunderbird@1:102.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-38476"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8kgq-qhy6-e3c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46603?format=json","vulnerability_id":"VCID-8uk6-x62z-uybr","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2505.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2505","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43728","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43795","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43757","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4379","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4377","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43782","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.44932","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.44859","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45271","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45278","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46727","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46783","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46763","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46699","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4679","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111910","reference_id":"2111910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111910"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824","reference_id":"buglist.cgi?bug_id=1769739%2C1772824","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:58:50Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1769739%2C1772824"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-28/","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:58:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-30/","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:58:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-32/","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T14:58:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5765","reference_id":"RHSA-2022:5765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5766","reference_id":"RHSA-2022:5766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5767","reference_id":"RHSA-2022:5767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5769","reference_id":"RHSA-2022:5769","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5769"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5770","reference_id":"RHSA-2022:5770","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5771","reference_id":"RHSA-2022:5771","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5771"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5772","reference_id":"RHSA-2022:5772","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5772"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5773","reference_id":"RHSA-2022:5773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5774","reference_id":"RHSA-2022:5774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5776","reference_id":"RHSA-2022:5776","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5777","reference_id":"RHSA-2022:5777","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5778","reference_id":"RHSA-2022:5778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5778"},{"reference_url":"https://usn.ubuntu.com/5536-1/","reference_id":"USN-5536-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5536-1/"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940876?format=json","purl":"pkg:deb/debian/thunderbird@1:102.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-2505"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uk6-x62z-uybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51405?format=json","vulnerability_id":"VCID-9dpt-xfu6-cuh5","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4580.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4580","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2104","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21063","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21011","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20976","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21138","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21058","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21165","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21043","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.20908","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24142","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23923","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23989","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24053","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23954","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23964","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.23952","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4580"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236079","reference_id":"2236079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236079"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:01:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:01:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:01:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1843046","reference_id":"show_bug.cgi?id=1843046","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:01:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1843046"},{"reference_url":"https://usn.ubuntu.com/6320-1/","reference_id":"USN-6320-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6320-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4580"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dpt-xfu6-cuh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63144?format=json","vulnerability_id":"VCID-9tc4-qr6d-6kfu","summary":"When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15654.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15654","reference_id":"","reference_type":"","scores":[{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65769","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.6563","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65679","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65723","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65694","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65712","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65513","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65592","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65623","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65642","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65627","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65599","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65634","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65647","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65644","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65655","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15654"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861649","reference_id":"1861649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861649"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15654"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tc4-qr6d-6kfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62956?format=json","vulnerability_id":"VCID-9tnr-m8mg-3ffw","summary":"Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5265.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5265","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.186","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18369","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18339","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18371","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18269","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18696","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18183","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18321","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18377","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18475","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18466","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18547","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18464","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18453","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18444","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18602","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1875","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5265"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368748","reference_id":"2368748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368748"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-42","reference_id":"mfsa2025-42","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-42/","reference_id":"mfsa2025-42","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:10:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-42/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-43","reference_id":"mfsa2025-43","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-43/","reference_id":"mfsa2025-43","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:57Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-43/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-44","reference_id":"mfsa2025-44","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-44"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-44/","reference_id":"mfsa2025-44","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:57Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-44/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-45","reference_id":"mfsa2025-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-45"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-45/","reference_id":"mfsa2025-45","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:10:15Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-45/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-46","reference_id":"mfsa2025-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-46/","reference_id":"mfsa2025-46","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:57Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:10:15Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-46/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1962301","reference_id":"show_bug.cgi?id=1962301","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T03:55:57Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:10:15Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1962301"},{"reference_url":"https://usn.ubuntu.com/7663-1/","reference_id":"USN-7663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-5265"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tnr-m8mg-3ffw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36761?format=json","vulnerability_id":"VCID-9u64-4cr7-w3e1","summary":"The Mozilla Foundation has reported numerous security vulnerabilities\n    related to Mozilla SeaMonkey.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3677.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3677","reference_id":"","reference_type":"","scores":[{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98584","published_at":"2026-05-14T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98574","published_at":"2026-04-29T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.9858","published_at":"2026-05-11T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98581","published_at":"2026-05-09T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98582","published_at":"2026-05-12T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98561","published_at":"2026-04-09T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98563","published_at":"2026-04-13T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.9857","published_at":"2026-04-18T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98572","published_at":"2026-04-24T12:55:00Z"},{"value":"0.67298","scoring_system":"epss","scoring_elements":"0.98573","published_at":"2026-04-26T12:55:00Z"},{"value":"0.76758","scoring_system":"epss","scoring_elements":"0.98939","published_at":"2026-04-01T12:55:00Z"},{"value":"0.76758","scoring_system":"epss","scoring_elements":"0.98941","published_at":"2026-04-02T12:55:00Z"},{"value":"0.76758","scoring_system":"epss","scoring_elements":"0.98943","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-3677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618153","reference_id":"1618153","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677","reference_id":"CVE-2006-3677","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3677"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/2082.html","reference_id":"CVE-2006-3677","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/2082.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16300.rb","reference_id":"CVE-2006-3677;OSVDB-27559","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16300.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9946.rb","reference_id":"CVE-2006-3677;OSVDB-27559","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9946.rb"},{"reference_url":"https://security.gentoo.org/glsa/200608-02","reference_id":"GLSA-200608-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200608-02"},{"reference_url":"https://security.gentoo.org/glsa/200608-03","reference_id":"GLSA-200608-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200608-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-45","reference_id":"mfsa2006-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-45"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0594","reference_id":"RHSA-2006:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0608","reference_id":"RHSA-2006:0608","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0608"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0609","reference_id":"RHSA-2006:0609","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0610","reference_id":"RHSA-2006:0610","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0611","reference_id":"RHSA-2006:0611","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0611"},{"reference_url":"https://usn.ubuntu.com/327-1/","reference_id":"USN-327-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/327-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2006-3677"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u64-4cr7-w3e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63207?format=json","vulnerability_id":"VCID-9y48-sjn7-rqeu","summary":"Mozilla developers and community members Kevin Brosnan, Mihai Alexandru Michis, and Christian Holler reported memory safety bugs present in Thunderbird 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38501.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38501","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66236","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.6625","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.6626","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66271","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66292","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66327","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66385","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66307","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66334","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66249","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.7141","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71334","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71341","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.7136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71333","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71374","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71387","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38501"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011101","reference_id":"2011101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011101"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38501"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y48-sjn7-rqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46037?format=json","vulnerability_id":"VCID-a2as-nfu2-ykax","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32214.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32214","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45749","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45731","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45707","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45727","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47716","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47671","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47614","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47643","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47787","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.4778","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47731","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47713","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47721","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47668","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47649","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32214"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196743","reference_id":"2196743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2196743"},{"reference_url":"https://security.gentoo.org/glsa/202312-03","reference_id":"GLSA-202312-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202312-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-16","reference_id":"mfsa2023-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-17","reference_id":"mfsa2023-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-17"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-18","reference_id":"mfsa2023-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-32214"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2as-nfu2-ykax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63397?format=json","vulnerability_id":"VCID-akhr-nck5-sfh2","summary":"When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36314.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36314.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36314","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13084","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13285","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13098","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13219","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12997","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13096","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13148","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13185","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13217","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14003","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14807","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14728","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15567","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1564","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15661","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15559","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15439","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36314"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111909","reference_id":"2111909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2111909"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-28"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-28/","reference_id":"mfsa2022-28","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:33:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-28/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-30/","reference_id":"mfsa2022-30","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:33:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-32/","reference_id":"mfsa2022-32","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:33:47Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-32/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773894","reference_id":"show_bug.cgi?id=1773894","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T17:33:47Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-36314"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akhr-nck5-sfh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62963?format=json","vulnerability_id":"VCID-avgs-nz9j-gqg8","summary":"On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1930.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1930.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1930","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55837","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55836","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55888","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.55891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56928","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56948","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56885","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56861","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56909","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56849","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56803","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56905","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57621","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57579","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.576","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5758","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1930"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349787","reference_id":"2349787","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2349787"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-14","reference_id":"mfsa2025-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-14/","reference_id":"mfsa2025-14","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T16:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-15","reference_id":"mfsa2025-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-15/","reference_id":"mfsa2025-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T16:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-16","reference_id":"mfsa2025-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-16/","reference_id":"mfsa2025-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T16:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-17","reference_id":"mfsa2025-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-17/","reference_id":"mfsa2025-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T16:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-17/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-18","reference_id":"mfsa2025-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-18/","reference_id":"mfsa2025-18","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T16:42:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-18/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2359","reference_id":"RHSA-2025:2359","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2359"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2452","reference_id":"RHSA-2025:2452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2479","reference_id":"RHSA-2025:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2480","reference_id":"RHSA-2025:2480","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2481","reference_id":"RHSA-2025:2481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2484","reference_id":"RHSA-2025:2484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2485","reference_id":"RHSA-2025:2485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2486","reference_id":"RHSA-2025:2486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2699","reference_id":"RHSA-2025:2699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2708","reference_id":"RHSA-2025:2708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2708"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1902309","reference_id":"show_bug.cgi?id=1902309","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-05T16:42:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1902309"},{"reference_url":"https://usn.ubuntu.com/7663-1/","reference_id":"USN-7663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-1930"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avgs-nz9j-gqg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63139?format=json","vulnerability_id":"VCID-awnf-jwg6-k3bk","summary":"Mozilla Developer Rob Wu discovered that a redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15655.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15655","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4564","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45625","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4552","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45601","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45543","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45569","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4575","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.457","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45756","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45775","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45744","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45753","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45803","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45798","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45745","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45675","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45685","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15655"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861644","reference_id":"1861644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861644"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15655"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-awnf-jwg6-k3bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63320?format=json","vulnerability_id":"VCID-ax8a-z9s4-e3dk","summary":"A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data.  *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9794.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9794","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61985","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61839","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61887","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61949","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6193","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6173","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61804","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61834","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61805","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61854","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61869","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61879","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61859","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61902","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61907","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61885","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61903","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61895","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9794"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690679","reference_id":"1690679","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690679"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8a-z9s4-e3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36131?format=json","vulnerability_id":"VCID-b6ug-rdyx-4uaw","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8900.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8900","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41694","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41619","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41593","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41684","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41668","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41599","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41738","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41819","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41889","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44133","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44151","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44082","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44136","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44152","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44119","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44181","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44171","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8900"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312914","reference_id":"2312914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312914"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202505-08","reference_id":"GLSA-202505-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-33","reference_id":"mfsa2024-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-33/","reference_id":"mfsa2024-33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1872841","reference_id":"show_bug.cgi?id=1872841","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T20:14:27Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1872841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-8900"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ug-rdyx-4uaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63336?format=json","vulnerability_id":"VCID-b8qk-zbj4-yfg2","summary":"When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13722.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13722.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13722","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57941","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57851","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57834","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.5779","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57844","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57759","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57843","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57863","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57839","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57893","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57911","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57867","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57897","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57896","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57873","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.57833","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13722"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1779432","reference_id":"1779432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1779432"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa2019-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-13722"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8qk-zbj4-yfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36864?format=json","vulnerability_id":"VCID-bd6g-ev4d-kyf6","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18335.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18335.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18335","reference_id":"","reference_type":"","scores":[{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81864","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81765","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81786","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.8181","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81806","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81823","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81603","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81635","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.8166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81665","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81685","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81666","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81704","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81732","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81741","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01594","scoring_system":"epss","scoring_elements":"0.81747","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18336"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20065","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20065"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20067","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20067"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20070"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656549","reference_id":"1656549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1656549"},{"reference_url":"https://security.archlinux.org/ASA-201812-2","reference_id":"ASA-201812-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-2"},{"reference_url":"https://security.archlinux.org/ASA-201902-23","reference_id":"ASA-201902-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-23"},{"reference_url":"https://security.archlinux.org/AVG-824","reference_id":"AVG-824","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-824"},{"reference_url":"https://security.archlinux.org/AVG-908","reference_id":"AVG-908","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-908"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://security.gentoo.org/glsa/201908-18","reference_id":"GLSA-201908-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-05","reference_id":"mfsa2019-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-06","reference_id":"mfsa2019-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3803","reference_id":"RHSA-2018:3803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3803"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18335"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bd6g-ev4d-kyf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36139?format=json","vulnerability_id":"VCID-bsnh-1chq-z7ae","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9400.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9400","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3335","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33844","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33874","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33832","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33808","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33846","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.338","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33436","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33418","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33336","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33228","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33294","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33335","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33246","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33272","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33917","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33802","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9400"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315953","reference_id":"2315953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315953"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202505-08","reference_id":"GLSA-202505-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-46/","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:42:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:42:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:42:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-50/","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:42:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7552","reference_id":"RHSA-2024:7552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7699","reference_id":"RHSA-2024:7699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7853","reference_id":"RHSA-2024:7853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7854","reference_id":"RHSA-2024:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7855","reference_id":"RHSA-2024:7855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7856","reference_id":"RHSA-2024:7856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8166","reference_id":"RHSA-2024:8166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8169","reference_id":"RHSA-2024:8169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8169"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1915249","reference_id":"show_bug.cgi?id=1915249","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:42:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1915249"},{"reference_url":"https://usn.ubuntu.com/7056-1/","reference_id":"USN-7056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7056-1/"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-9400"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsnh-1chq-z7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50254?format=json","vulnerability_id":"VCID-c52k-tg8d-sbeg","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23599.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23599","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33894","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3398","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33895","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33774","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33843","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33884","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.33797","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3382","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34484","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34379","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34451","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34414","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.3439","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34425","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34412","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34371","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23599"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162339","reference_id":"2162339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162339"},{"reference_url":"https://security.gentoo.org/glsa/202305-06","reference_id":"GLSA-202305-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-06"},{"reference_url":"https://security.gentoo.org/glsa/202305-13","reference_id":"GLSA-202305-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-01","reference_id":"mfsa2023-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-01/","reference_id":"mfsa2023-01","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:21:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-02","reference_id":"mfsa2023-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-02/","reference_id":"mfsa2023-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:21:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-03","reference_id":"mfsa2023-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-03/","reference_id":"mfsa2023-03","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:21:01Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0285","reference_id":"RHSA-2023:0285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0286","reference_id":"RHSA-2023:0286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0288","reference_id":"RHSA-2023:0288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0289","reference_id":"RHSA-2023:0289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0290","reference_id":"RHSA-2023:0290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0294","reference_id":"RHSA-2023:0294","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0295","reference_id":"RHSA-2023:0295","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0295"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0296","reference_id":"RHSA-2023:0296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0456","reference_id":"RHSA-2023:0456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0457","reference_id":"RHSA-2023:0457","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0459","reference_id":"RHSA-2023:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0460","reference_id":"RHSA-2023:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0461","reference_id":"RHSA-2023:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0462","reference_id":"RHSA-2023:0462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0463","reference_id":"RHSA-2023:0463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0476","reference_id":"RHSA-2023:0476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0476"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1777800","reference_id":"show_bug.cgi?id=1777800","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T16:21:01Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1777800"},{"reference_url":"https://usn.ubuntu.com/5816-1/","reference_id":"USN-5816-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5816-1/"},{"reference_url":"https://usn.ubuntu.com/5824-1/","reference_id":"USN-5824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5824-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-23599"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c52k-tg8d-sbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51402?format=json","vulnerability_id":"VCID-cfqv-7r6b-g3e9","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4576.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4576","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55557","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55538","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55558","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55561","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55539","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55463","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55407","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55453","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.5551","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55469","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55497","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55521","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55549","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55559","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4576"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236074","reference_id":"2236074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236074"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:57:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-35","reference_id":"mfsa2023-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-35/","reference_id":"mfsa2023-35","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:57:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:57:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-37","reference_id":"mfsa2023-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-37"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-37/","reference_id":"mfsa2023-37","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:57:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-37/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:57:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846694","reference_id":"show_bug.cgi?id=1846694","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:57:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846694"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfqv-7r6b-g3e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63090?format=json","vulnerability_id":"VCID-cmnc-fyxb-rfd4","summary":"An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash.*This bug only affects Firefox for macOS. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29531.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29531.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29531","reference_id":"","reference_type":"","scores":[{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.67996","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68082","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68044","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.67993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68767","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68663","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68642","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68684","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68722","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68689","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68713","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69213","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69253","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69244","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69193","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69205","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186099","reference_id":"2186099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186099"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-13/","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:34:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-14/","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:34:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-15/","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:34:50Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-15/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794292","reference_id":"show_bug.cgi?id=1794292","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-11T15:34:50Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794292"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-29531"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmnc-fyxb-rfd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16963?format=json","vulnerability_id":"VCID-cw2e-p5x2-j7fu","summary":"Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')\nmatrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36059.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36059","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68681","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.6853","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68518","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68486","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68525","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68538","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68517","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68571","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68554","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68597","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68634","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68601","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68625","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68441","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.6846","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68437","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68504","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/matrix-org/matrix-js-sdk","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/matrix-org/matrix-js-sdk"},{"reference_url":"https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.4.0","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.4.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018970","reference_id":"1018970","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018970"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123258","reference_id":"2123258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123258"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36059","reference_id":"CVE-2022-36059","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36059"},{"reference_url":"https://github.com/advisories/GHSA-rfv9-x7hh-xc32","reference_id":"GHSA-rfv9-x7hh-xc32","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rfv9-x7hh-xc32"},{"reference_url":"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32","reference_id":"GHSA-rfv9-x7hh-xc32","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:05:25Z/"}],"url":"https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-rfv9-x7hh-xc32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6708","reference_id":"RHSA-2022:6708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6710","reference_id":"RHSA-2022:6710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6713","reference_id":"RHSA-2022:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6715","reference_id":"RHSA-2022:6715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6716","reference_id":"RHSA-2022:6716","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6716"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6717","reference_id":"RHSA-2022:6717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6717"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940881?format=json","purl":"pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-36059","GHSA-rfv9-x7hh-xc32"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cw2e-p5x2-j7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33949?format=json","vulnerability_id":"VCID-dveb-sthz-bkgu","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25738.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25738","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36797","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37145","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36921","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36889","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36801","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36684","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36751","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36775","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36699","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.36721","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37303","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37329","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37156","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37223","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37233","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37199","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37172","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25738"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170380","reference_id":"2170380","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170380"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:08:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:08:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:08:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811852","reference_id":"show_bug.cgi?id=1811852","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T20:08:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25738"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dveb-sthz-bkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39098?format=json","vulnerability_id":"VCID-dwy5-7rms-rkg6","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the world of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3155.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3155.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3155","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1122","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11223","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10951","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11089","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11161","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11129","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11171","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11282","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11175","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11183","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11048","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11057","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11188","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11123","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11014","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3155"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128806","reference_id":"2128806","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128806"},{"reference_url":"https://security.gentoo.org/glsa/202209-18","reference_id":"GLSA-202209-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-42","reference_id":"mfsa2022-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-42"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-42/","reference_id":"mfsa2022-42","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:58:46Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-42/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1789061","reference_id":"show_bug.cgi?id=1789061","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T15:58:46Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1789061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-3155"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwy5-7rms-rkg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62617?format=json","vulnerability_id":"VCID-e7p8-zrwx-5ug6","summary":"A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing \"Esc\" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted.  *This bug only affects the application when running on macOS. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11698.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11698","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.3918","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39198","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39236","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39154","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39212","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39234","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47065","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47127","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47075","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47061","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47071","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4702","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46937","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47001","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46964","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.46996","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11698"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328953","reference_id":"2328953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328953"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-63","reference_id":"mfsa2024-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-63"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-63/","reference_id":"mfsa2024-63","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-64","reference_id":"mfsa2024-64","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-64"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-64/","reference_id":"mfsa2024-64","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-64/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-67","reference_id":"mfsa2024-67","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-67"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-67/","reference_id":"mfsa2024-67","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-68","reference_id":"mfsa2024-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-68"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-68/","reference_id":"mfsa2024-68","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:16:08Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-68/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1916152","reference_id":"show_bug.cgi?id=1916152","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:16:08Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1916152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-11698"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7p8-zrwx-5ug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63094?format=json","vulnerability_id":"VCID-ebhp-kzkz-euhu","summary":"Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29545.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29545.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29545","reference_id":"","reference_type":"","scores":[{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57024","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57048","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57069","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57058","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57056","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57029","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00344","scoring_system":"epss","scoring_elements":"0.57006","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58752","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58684","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5866","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58642","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5864","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58698","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58654","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58682","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29545"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186108","reference_id":"2186108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186108"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-13/","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:48:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-14/","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:48:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-15/","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:48:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-15/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1823077","reference_id":"show_bug.cgi?id=1823077","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:48:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1823077"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-29545"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebhp-kzkz-euhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62706?format=json","vulnerability_id":"VCID-efvs-1tuf-guf4","summary":"Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4712.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4712","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03584","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03461","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03475","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03499","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03572","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0355","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03549","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04444","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04351","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04377","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04403","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04441","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04443","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450728","reference_id":"2450728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450728"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-20/","reference_id":"mfsa2026-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-22/","reference_id":"mfsa2026-22","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-22/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-23"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-23/","reference_id":"mfsa2026-23","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-23/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-24/","reference_id":"mfsa2026-24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-24/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5930","reference_id":"RHSA-2026:5930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5931","reference_id":"RHSA-2026:5931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5932","reference_id":"RHSA-2026:5932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6188","reference_id":"RHSA-2026:6188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6342","reference_id":"RHSA-2026:6342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6917","reference_id":"RHSA-2026:6917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7837","reference_id":"RHSA-2026:7837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7838","reference_id":"RHSA-2026:7838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7839","reference_id":"RHSA-2026:7839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7840","reference_id":"RHSA-2026:7840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7841","reference_id":"RHSA-2026:7841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7842","reference_id":"RHSA-2026:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7843","reference_id":"RHSA-2026:7843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7845","reference_id":"RHSA-2026:7845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7858","reference_id":"RHSA-2026:7858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8284","reference_id":"RHSA-2026:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8285","reference_id":"RHSA-2026:8285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8286","reference_id":"RHSA-2026:8286","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8286"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8287","reference_id":"RHSA-2026:8287","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8288","reference_id":"RHSA-2026:8288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8289","reference_id":"RHSA-2026:8289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8290","reference_id":"RHSA-2026:8290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8315","reference_id":"RHSA-2026:8315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8427","reference_id":"RHSA-2026:8427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8850","reference_id":"RHSA-2026:8850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8850"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017666","reference_id":"show_bug.cgi?id=2017666","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T17:49:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2017666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2026-4712"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efvs-1tuf-guf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62615?format=json","vulnerability_id":"VCID-f4ja-2ydw-cufu","summary":"The executable file warning was not presented when downloading .library-ms files.  *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11693.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11693","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52441","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52402","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52431","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52333","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52339","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52367","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60395","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60312","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60284","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.603","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60244","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60291","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.6035","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60308","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00393","scoring_system":"epss","scoring_elements":"0.60335","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-11693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328949","reference_id":"2328949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2328949"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-63","reference_id":"mfsa2024-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-63"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-63/","reference_id":"mfsa2024-63","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:32:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-63/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-64","reference_id":"mfsa2024-64","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-64"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-64/","reference_id":"mfsa2024-64","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:32:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-64/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-67","reference_id":"mfsa2024-67","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-67"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-67/","reference_id":"mfsa2024-67","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:32:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-67/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-68","reference_id":"mfsa2024-68","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-68"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-68/","reference_id":"mfsa2024-68","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:32:54Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-68/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1921458","reference_id":"show_bug.cgi?id=1921458","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:32:54Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1921458"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-11693"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4ja-2ydw-cufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63091?format=json","vulnerability_id":"VCID-f8c7-p8nz-bbap","summary":"A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29532.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29532.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29532","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22642","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22611","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24463","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24552","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24527","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24457","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24416","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24291","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24369","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24431","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24366","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24384","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29532"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186100","reference_id":"2186100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2186100"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-13/","reference_id":"mfsa2023-13","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:43:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-14/","reference_id":"mfsa2023-14","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:43:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-15/","reference_id":"mfsa2023-15","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:43:12Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-15/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806394","reference_id":"show_bug.cgi?id=1806394","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T15:43:12Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1806394"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-29532"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8c7-p8nz-bbap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63117?format=json","vulnerability_id":"VCID-g2et-bnvt-9fem","summary":"During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17021.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17021","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64812","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64766","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64757","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64635","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64593","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64641","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64657","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64674","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64662","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64634","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64667","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64687","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64699","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64694","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64721","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17021"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788725","reference_id":"1788725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788725"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-02","reference_id":"mfsa2020-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-04","reference_id":"mfsa2020-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17021"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2et-bnvt-9fem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63141?format=json","vulnerability_id":"VCID-h4r6-jrxh-6kcf","summary":"JIT optimizations involving the Javascript arguments object could confuse later optimizations.\nThis risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15656.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15656","reference_id":"","reference_type":"","scores":[{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.72083","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71976","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71969","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.72004","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.72034","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71998","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.72025","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71858","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71886","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71908","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71932","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71915","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.7194","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71944","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71929","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71973","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.71979","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15656"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861646","reference_id":"1861646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861646"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15656"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4r6-jrxh-6kcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63205?format=json","vulnerability_id":"VCID-hhu1-cgcx-nfev","summary":"During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38498.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38498","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50665","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50623","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50536","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50626","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50572","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50592","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50619","published_at":"2026-04-04T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72171","published_at":"2026-05-14T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72077","published_at":"2026-04-26T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72064","published_at":"2026-05-05T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72095","published_at":"2026-05-07T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72122","published_at":"2026-05-09T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72086","published_at":"2026-05-11T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-05-12T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72008","published_at":"2026-04-12T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.71993","published_at":"2026-04-13T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72034","published_at":"2026-04-16T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72041","published_at":"2026-04-18T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72026","published_at":"2026-04-21T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.7207","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011099","reference_id":"2011099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011099"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38498"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhu1-cgcx-nfev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51393?format=json","vulnerability_id":"VCID-j2ax-jb2h-byeu","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4052.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4052","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39066","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39181","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39099","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.38972","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39043","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3906","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3897","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.38992","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39491","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39515","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39429","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.395","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.3951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39472","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39455","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39506","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39478","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39198","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4052"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2228369","reference_id":"2228369","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2228369"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-29/","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31","reference_id":"mfsa2023-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-31/","reference_id":"mfsa2023-31","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33","reference_id":"mfsa2023-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-33/","reference_id":"mfsa2023-33","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-33/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1824420","reference_id":"show_bug.cgi?id=1824420","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1824420"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4052"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2ax-jb2h-byeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36141?format=json","vulnerability_id":"VCID-jebk-6hja-ukfc","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9402.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9402","reference_id":"","reference_type":"","scores":[{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.3128","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31826","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31829","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31789","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31753","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31785","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31764","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31734","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31436","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31351","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31203","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31271","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31278","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31186","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31209","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31745","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00125","scoring_system":"epss","scoring_elements":"0.31796","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315951","reference_id":"2315951","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315951"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476","reference_id":"buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:36:13Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202505-08","reference_id":"GLSA-202505-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-46/","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:36:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:36:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:36:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-50/","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:36:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7505","reference_id":"RHSA-2024:7505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7552","reference_id":"RHSA-2024:7552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7699","reference_id":"RHSA-2024:7699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7853","reference_id":"RHSA-2024:7853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7854","reference_id":"RHSA-2024:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7855","reference_id":"RHSA-2024:7855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7856","reference_id":"RHSA-2024:7856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8166","reference_id":"RHSA-2024:8166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8169","reference_id":"RHSA-2024:8169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8169"},{"reference_url":"https://usn.ubuntu.com/7056-1/","reference_id":"USN-7056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7056-1/"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-9402"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jebk-6hja-ukfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36137?format=json","vulnerability_id":"VCID-k3ec-bt9r-pkhg","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9397.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9397.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9397","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44206","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44412","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44463","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44486","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44456","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44511","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44433","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44352","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44355","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44274","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44226","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44176","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44455","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44476","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9397"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315949","reference_id":"2315949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315949"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202505-08","reference_id":"GLSA-202505-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-46/","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-50/","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:55:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7552","reference_id":"RHSA-2024:7552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7699","reference_id":"RHSA-2024:7699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7853","reference_id":"RHSA-2024:7853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7854","reference_id":"RHSA-2024:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7855","reference_id":"RHSA-2024:7855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7856","reference_id":"RHSA-2024:7856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8166","reference_id":"RHSA-2024:8166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8169","reference_id":"RHSA-2024:8169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8169"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1916659","reference_id":"show_bug.cgi?id=1916659","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:55:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1916659"},{"reference_url":"https://usn.ubuntu.com/7056-1/","reference_id":"USN-7056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7056-1/"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-9397"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k3ec-bt9r-pkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36138?format=json","vulnerability_id":"VCID-kpun-mgtm-5uhd","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9399.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9399","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49289","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49358","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49353","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49371","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49345","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49395","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49391","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49361","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.4931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49222","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49285","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49311","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49261","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49349","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9399"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315945","reference_id":"2315945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315945"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202505-08","reference_id":"GLSA-202505-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202505-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-46/","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T15:39:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T15:39:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T15:39:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-50/","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T15:39:09Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7552","reference_id":"RHSA-2024:7552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7699","reference_id":"RHSA-2024:7699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7853","reference_id":"RHSA-2024:7853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7854","reference_id":"RHSA-2024:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7855","reference_id":"RHSA-2024:7855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7856","reference_id":"RHSA-2024:7856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8166","reference_id":"RHSA-2024:8166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8169","reference_id":"RHSA-2024:8169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8169"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1907726","reference_id":"show_bug.cgi?id=1907726","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-14T15:39:09Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1907726"},{"reference_url":"https://usn.ubuntu.com/7056-1/","reference_id":"USN-7056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7056-1/"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-9399"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpun-mgtm-5uhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63116?format=json","vulnerability_id":"VCID-krg2-d4vy-z7fu","summary":"During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17015.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17015","reference_id":"","reference_type":"","scores":[{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76323","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76272","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76259","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76273","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76061","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76064","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76096","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76109","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76147","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76123","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.7612","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76161","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76165","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76187","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.76197","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.7621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.7622","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00932","scoring_system":"epss","scoring_elements":"0.7625","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17015"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788722","reference_id":"1788722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788722"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-02","reference_id":"mfsa2020-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-04","reference_id":"mfsa2020-04","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-17015"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krg2-d4vy-z7fu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63113?format=json","vulnerability_id":"VCID-m92a-91pv-dffv","summary":"If a user downloaded a file lacking an extension on Windows, and then \"Open\"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35112.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35112","reference_id":"","reference_type":"","scores":[{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67476","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67359","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67333","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67377","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67416","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67389","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67413","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67228","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67318","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67351","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67338","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67303","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.6735","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67328","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67358","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35112"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908028","reference_id":"1908028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1908028"},{"reference_url":"https://security.archlinux.org/AVG-1364","reference_id":"AVG-1364","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1364"},{"reference_url":"https://security.archlinux.org/AVG-1366","reference_id":"AVG-1366","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1366"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-54","reference_id":"mfsa2020-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-54"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-55","reference_id":"mfsa2020-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-55"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-56","reference_id":"mfsa2020-56","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35112"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m92a-91pv-dffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35138?format=json","vulnerability_id":"VCID-mkyz-6v1k-wyen","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29987","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54287","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54136","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54178","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54193","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54219","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54129","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54147","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54151","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54203","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54199","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54249","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54231","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54233","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54212","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54188","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29987"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29987"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyz-6v1k-wyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33966?format=json","vulnerability_id":"VCID-mp4n-ez8p-63ek","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28163.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28163.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28163","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47925","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47984","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47978","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47933","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47916","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47789","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47856","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47878","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47821","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47851","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47923","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47871","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47942","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4792","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47929","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28163"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2178468","reference_id":"2178468","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2178468"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-09","reference_id":"mfsa2023-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-09"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-09/","reference_id":"mfsa2023-09","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:17:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-09/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-10","reference_id":"mfsa2023-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-10"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-10/","reference_id":"mfsa2023-10","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:17:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-10/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-11","reference_id":"mfsa2023-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-11"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-11/","reference_id":"mfsa2023-11","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:17:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-11/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1817768","reference_id":"show_bug.cgi?id=1817768","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T15:17:13Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1817768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-28163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mp4n-ez8p-63ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35228?format=json","vulnerability_id":"VCID-mqte-f1hw-2ya5","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22753.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22753","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61517","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61435","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61418","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61406","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61414","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61367","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61416","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61475","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61437","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61464","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61374","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61343","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.6139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61405","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61427","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61412","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61393","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053241","reference_id":"2053241","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2053241"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-04"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-04/","reference_id":"mfsa2022-04","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-04/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-05/","reference_id":"mfsa2022-05","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-06/","reference_id":"mfsa2022-06","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-06/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1732435","reference_id":"show_bug.cgi?id=1732435","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T14:47:11Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1732435"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-22753"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqte-f1hw-2ya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63394?format=json","vulnerability_id":"VCID-mup7-wezz-gkgc","summary":"When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3032.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3032.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3032","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61165","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61225","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61186","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61213","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61097","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61125","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61091","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61155","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61162","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61143","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61183","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61189","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6117","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61159","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61174","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3032"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123255","reference_id":"2123255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2123255"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-38/","reference_id":"mfsa2022-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-09T19:56:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-38/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-39","reference_id":"mfsa2022-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-39/","reference_id":"mfsa2022-39","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-09T19:56:21Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-39/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6708","reference_id":"RHSA-2022:6708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6710","reference_id":"RHSA-2022:6710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6713","reference_id":"RHSA-2022:6713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6715","reference_id":"RHSA-2022:6715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6716","reference_id":"RHSA-2022:6716","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6716"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6717","reference_id":"RHSA-2022:6717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6717"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1783831","reference_id":"show_bug.cgi?id=1783831","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-09T19:56:21Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1783831"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940881?format=json","purl":"pkg:deb/debian/thunderbird@1:102.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-3032"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mup7-wezz-gkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63280?format=json","vulnerability_id":"VCID-myv9-89b8-w7dm","summary":"In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the SEE_MASK_FLAG_NO_UI flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won’t prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. *Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5174.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5174","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67775","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67641","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67684","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67721","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67692","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67717","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67531","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67567","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67589","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67632","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67654","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67642","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67633","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67653","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67664","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67666","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5174"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1447080","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1447080"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2018-11/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2018-11/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2018-12/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2018-12/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2018-13/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2018-13/"},{"reference_url":"http://www.securityfocus.com/bid/104136","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104136"},{"reference_url":"http://www.securitytracker.com/id/1040896","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040896"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576274","reference_id":"1576274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576274"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5174","reference_id":"CVE-2018-5174","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5174"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-11","reference_id":"mfsa2018-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-12","reference_id":"mfsa2018-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-13","reference_id":"mfsa2018-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myv9-89b8-w7dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63009?format=json","vulnerability_id":"VCID-n8hk-44ah-bugr","summary":"Due to insufficient escaping of the ampersand character in the \"copy as cURL\" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system.*This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4084.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4084.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4084","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51769","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51728","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51752","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51759","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51739","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51691","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51657","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51604","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51655","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51662","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51664","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5169","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.517","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4084"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362911","reference_id":"2362911","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362911"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198","reference_id":"buglist.cgi?bug_id=1949994%2C1956698%2C1960198","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:30Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-29","reference_id":"mfsa2025-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-29/","reference_id":"mfsa2025-29","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-30","reference_id":"mfsa2025-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-30/","reference_id":"mfsa2025-30","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-32","reference_id":"mfsa2025-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-32/","reference_id":"mfsa2025-32","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T03:56:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-32/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-4084"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8hk-44ah-bugr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62595?format=json","vulnerability_id":"VCID-pmkt-c3bw-zkhz","summary":"By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9398.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9398.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9398","reference_id":"","reference_type":"","scores":[{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74332","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.7417","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74163","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74201","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74202","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74237","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74246","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74244","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74238","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74266","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.7429","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74253","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74276","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74121","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74147","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74119","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9398"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315952","reference_id":"2315952","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2315952"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-46/","reference_id":"mfsa2024-46","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:35:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-47/","reference_id":"mfsa2024-47","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:35:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-47/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-49"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-49/","reference_id":"mfsa2024-49","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:35:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-49/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-50"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-50/","reference_id":"mfsa2024-50","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:35:52Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-50/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7552","reference_id":"RHSA-2024:7552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7621","reference_id":"RHSA-2024:7621","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7621"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7622","reference_id":"RHSA-2024:7622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7646","reference_id":"RHSA-2024:7646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7699","reference_id":"RHSA-2024:7699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7700","reference_id":"RHSA-2024:7700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7702","reference_id":"RHSA-2024:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7703","reference_id":"RHSA-2024:7703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7704","reference_id":"RHSA-2024:7704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7842","reference_id":"RHSA-2024:7842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7853","reference_id":"RHSA-2024:7853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7854","reference_id":"RHSA-2024:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7855","reference_id":"RHSA-2024:7855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7856","reference_id":"RHSA-2024:7856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8166","reference_id":"RHSA-2024:8166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8169","reference_id":"RHSA-2024:8169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8169"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1881037","reference_id":"show_bug.cgi?id=1881037","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-18T19:35:52Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1881037"},{"reference_url":"https://usn.ubuntu.com/7056-1/","reference_id":"USN-7056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7056-1/"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940987?format=json","purl":"pkg:deb/debian/thunderbird@1:128.3.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.3.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-9398"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmkt-c3bw-zkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62916?format=json","vulnerability_id":"VCID-pn68-e9g7-qbf1","summary":"The executable file warning did not warn users before opening files with the terminal extension. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6426.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6426","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13039","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12989","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12968","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12918","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12839","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14014","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13899","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33313","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33771","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33404","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33384","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.333","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33258","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33297","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33209","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33234","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6426"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374560","reference_id":"2374560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374560"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-51","reference_id":"mfsa2025-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-51/","reference_id":"mfsa2025-51","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-51/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-53","reference_id":"mfsa2025-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-53"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-53/","reference_id":"mfsa2025-53","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-53/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-54","reference_id":"mfsa2025-54","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-54"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-54/","reference_id":"mfsa2025-54","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-54/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-55","reference_id":"mfsa2025-55","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-55"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-55/","reference_id":"mfsa2025-55","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-55/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1964385","reference_id":"show_bug.cgi?id=1964385","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-25T14:21:30Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1964385"},{"reference_url":"https://usn.ubuntu.com/7663-1/","reference_id":"USN-7663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-6426"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pn68-e9g7-qbf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36127?format=json","vulnerability_id":"VCID-pst5-367g-h7cs","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8386.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8386","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50605","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50627","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50622","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50595","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50617","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50578","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50523","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50543","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5057","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53372","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53285","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53295","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53258","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53216","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53266","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53318","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53278","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53304","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309432","reference_id":"2309432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309432"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032","reference_id":"show_bug.cgi?id=1907032","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1907032"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163","reference_id":"show_bug.cgi?id=1909163","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909163"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529","reference_id":"show_bug.cgi?id=1909529","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:44:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1909529"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940984?format=json","purl":"pkg:deb/debian/thunderbird@1:128.2.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.2.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-8386"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pst5-367g-h7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51403?format=json","vulnerability_id":"VCID-pv9q-fcta-ffbq","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4577.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4577","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27569","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27718","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27644","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27473","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27534","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27556","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27477","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27492","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28118","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27958","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28025","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2803","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27973","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27981","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27963","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27915","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2783","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4577"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236075","reference_id":"2236075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236075"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:33Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1847397","reference_id":"show_bug.cgi?id=1847397","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T20:02:33Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1847397"},{"reference_url":"https://usn.ubuntu.com/6320-1/","reference_id":"USN-6320-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6320-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4577"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pv9q-fcta-ffbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35136?format=json","vulnerability_id":"VCID-q5ch-b97k-k3hp","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29982","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59743","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5963","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59688","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59646","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59673","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59506","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5958","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59605","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59574","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59625","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59638","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5964","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59621","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59654","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59645","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59614","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59581","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29982"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29982"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5ch-b97k-k3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63190?format=json","vulnerability_id":"VCID-q77k-hc9g-9fhm","summary":"The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service.*Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29951.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29951","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67438","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67302","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67342","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6738","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67352","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67376","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67198","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67235","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67236","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67287","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.673","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.6732","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67307","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67271","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67306","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67319","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67298","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67318","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67329","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961505","reference_id":"1961505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1961505"},{"reference_url":"https://security.archlinux.org/AVG-1914","reference_id":"AVG-1914","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1914"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10","reference_id":"mfsa2021-10","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-18","reference_id":"mfsa2021-18","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-19","reference_id":"mfsa2021-19","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29951"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q77k-hc9g-9fhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36126?format=json","vulnerability_id":"VCID-qd97-asaa-2fey","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8385.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8385","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51104","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51195","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51247","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51269","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51262","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51224","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51238","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51259","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51216","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51181","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51206","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65921","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65832","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65876","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65847","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.65866","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309431","reference_id":"2309431","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309431"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-39"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-39/","reference_id":"mfsa2024-39","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-39/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-40"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-40/","reference_id":"mfsa2024-40","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-40/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-43"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-43/","reference_id":"mfsa2024-43","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-43/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6681","reference_id":"RHSA-2024:6681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6682","reference_id":"RHSA-2024:6682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6683","reference_id":"RHSA-2024:6683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6684","reference_id":"RHSA-2024:6684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6719","reference_id":"RHSA-2024:6719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6720","reference_id":"RHSA-2024:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6721","reference_id":"RHSA-2024:6721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6721"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6722","reference_id":"RHSA-2024:6722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6723","reference_id":"RHSA-2024:6723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6782","reference_id":"RHSA-2024:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6786","reference_id":"RHSA-2024:6786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6816","reference_id":"RHSA-2024:6816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6838","reference_id":"RHSA-2024:6838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6850","reference_id":"RHSA-2024:6850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6891","reference_id":"RHSA-2024:6891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6892","reference_id":"RHSA-2024:6892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6892"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1911909","reference_id":"show_bug.cgi?id=1911909","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-03T15:46:49Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1911909"},{"reference_url":"https://usn.ubuntu.com/6992-1/","reference_id":"USN-6992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940984?format=json","purl":"pkg:deb/debian/thunderbird@1:128.2.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:128.2.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-8385"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qd97-asaa-2fey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63142?format=json","vulnerability_id":"VCID-qhwf-9n5n-hbaa","summary":"The code for downloading files did not properly take care of special characters,\nwhich led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15658.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15658","reference_id":"","reference_type":"","scores":[{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65769","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.6563","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65679","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65723","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65694","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65712","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65513","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65592","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65623","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65642","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65627","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65599","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65634","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65647","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65644","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00491","scoring_system":"epss","scoring_elements":"0.65655","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861647","reference_id":"1861647","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861647"},{"reference_url":"https://security.archlinux.org/AVG-1213","reference_id":"AVG-1213","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1213"},{"reference_url":"https://security.archlinux.org/AVG-1214","reference_id":"AVG-1214","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3555","reference_id":"RHSA-2020:3555","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3555"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3557","reference_id":"RHSA-2020:3557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3559","reference_id":"RHSA-2020:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4080","reference_id":"RHSA-2020:4080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4080"},{"reference_url":"https://usn.ubuntu.com/4443-1/","reference_id":"USN-4443-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4443-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15658"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhwf-9n5n-hbaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33669?format=json","vulnerability_id":"VCID-qv7a-3c41-x3cr","summary":"Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38477.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38477","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41988","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41952","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41953","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41991","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41967","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41956","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41979","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41906","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41748","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41673","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43581","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43403","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43465","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43371","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43499","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38477"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2120695","reference_id":"2120695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2120695"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363","reference_id":"buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/"}],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363"},{"reference_url":"https://security.gentoo.org/glsa/202208-37","reference_id":"GLSA-202208-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-37"},{"reference_url":"https://security.gentoo.org/glsa/202208-38","reference_id":"GLSA-202208-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-33","reference_id":"mfsa2022-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-33/","reference_id":"mfsa2022-33","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-33/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-34","reference_id":"mfsa2022-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-34/","reference_id":"mfsa2022-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-36","reference_id":"mfsa2022-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-36/","reference_id":"mfsa2022-36","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-36/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6164","reference_id":"RHSA-2022:6164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6165","reference_id":"RHSA-2022:6165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6166","reference_id":"RHSA-2022:6166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6167","reference_id":"RHSA-2022:6167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6168","reference_id":"RHSA-2022:6168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6169","reference_id":"RHSA-2022:6169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6174","reference_id":"RHSA-2022:6174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6175","reference_id":"RHSA-2022:6175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6176","reference_id":"RHSA-2022:6176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6177","reference_id":"RHSA-2022:6177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6178","reference_id":"RHSA-2022:6178","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6178"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6179","reference_id":"RHSA-2022:6179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6179"},{"reference_url":"https://usn.ubuntu.com/5581-1/","reference_id":"USN-5581-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5581-1/"},{"reference_url":"https://usn.ubuntu.com/5663-1/","reference_id":"USN-5663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940885?format=json","purl":"pkg:deb/debian/thunderbird@1:102.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:102.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-38477"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv7a-3c41-x3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63437?format=json","vulnerability_id":"VCID-rsy6-acfe-ffb5","summary":"The constructed curl command from the \"Copy as curl\" feature in DevTools was not properly escaped for PowerShell.  This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22744.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22744","reference_id":"","reference_type":"","scores":[{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63493","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63363","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63371","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63349","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63368","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63381","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63379","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.6335","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63395","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63447","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63412","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63439","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63302","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.6333","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63347","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63365","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63382","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63329","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039571","reference_id":"2039571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039571"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:10:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:10:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:10:40Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1737252","reference_id":"show_bug.cgi?id=1737252","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T15:10:40Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1737252"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-22744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsy6-acfe-ffb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51385?format=json","vulnerability_id":"VCID-s3vw-7gyn-ubdt","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3600.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3600","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38905","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38833","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39276","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3896","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39041","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3906","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39362","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39855","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39776","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39831","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39845","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39832","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39819","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39802","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40515","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40511","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40416","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40441","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3600"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222652","reference_id":"2222652","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222652"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-26","reference_id":"mfsa2023-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-26/","reference_id":"mfsa2023-26","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T16:47:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-26/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-27","reference_id":"mfsa2023-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-27"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-27/","reference_id":"mfsa2023-27","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T16:47:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-27/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5426","reference_id":"RHSA-2023:5426","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5426"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5427","reference_id":"RHSA-2023:5427","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5427"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5428","reference_id":"RHSA-2023:5428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5429","reference_id":"RHSA-2023:5429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5430","reference_id":"RHSA-2023:5430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5430"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5432","reference_id":"RHSA-2023:5432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5433","reference_id":"RHSA-2023:5433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5434","reference_id":"RHSA-2023:5434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5435","reference_id":"RHSA-2023:5435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5436","reference_id":"RHSA-2023:5436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5437","reference_id":"RHSA-2023:5437","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5438","reference_id":"RHSA-2023:5438","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5438"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5439","reference_id":"RHSA-2023:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5440","reference_id":"RHSA-2023:5440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5475","reference_id":"RHSA-2023:5475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5477","reference_id":"RHSA-2023:5477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5477"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839703","reference_id":"show_bug.cgi?id=1839703","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T16:47:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839703"},{"reference_url":"https://usn.ubuntu.com/6218-1/","reference_id":"USN-6218-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6218-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-3600"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3vw-7gyn-ubdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60709?format=json","vulnerability_id":"VCID-sjy7-cp3x-nfh2","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which may allow execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12368.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12368.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12368","reference_id":"","reference_type":"","scores":[{"value":"0.01854","scoring_system":"epss","scoring_elements":"0.83113","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01854","scoring_system":"epss","scoring_elements":"0.83172","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01854","scoring_system":"epss","scoring_elements":"0.83155","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01854","scoring_system":"epss","scoring_elements":"0.83134","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01854","scoring_system":"epss","scoring_elements":"0.83208","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83461","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83475","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.834","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.835","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83504","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83526","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83533","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83536","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83469","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01952","scoring_system":"epss","scoring_elements":"0.83464","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12368"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595033","reference_id":"1595033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595033"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-15","reference_id":"mfsa2018-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-16","reference_id":"mfsa2018-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-17","reference_id":"mfsa2018-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-17"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-18","reference_id":"mfsa2018-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-19","reference_id":"mfsa2018-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12368"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjy7-cp3x-nfh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51407?format=json","vulnerability_id":"VCID-snbc-j4e3-uff1","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4582.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4582.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4582","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66275","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66218","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6616","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66197","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66225","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66182","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71103","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00718","scoring_system":"epss","scoring_elements":"0.72395","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.73995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.73966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74011","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.7405","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74059","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74051","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236081","reference_id":"2236081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236081"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T20:00:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T20:00:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T20:00:26Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773874","reference_id":"show_bug.cgi?id=1773874","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T20:00:26Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773874"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4582"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snbc-j4e3-uff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63198?format=json","vulnerability_id":"VCID-t769-2t1u-57b6","summary":"Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account.*This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38505.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38505","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57822","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5776","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57719","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57739","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57718","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57674","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5778","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57726","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57755","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57782","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57784","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.578","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57757","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63387","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019623","reference_id":"2019623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019623"},{"reference_url":"https://security.archlinux.org/AVG-2512","reference_id":"AVG-2512","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2512"},{"reference_url":"https://security.archlinux.org/AVG-2519","reference_id":"AVG-2519","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2519"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38505"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t769-2t1u-57b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62621?format=json","vulnerability_id":"VCID-t8mb-cdc3-6ydq","summary":"Due to large allocation checks in Angle for GLSL shaders being too lenient an out-of-bounds access could occur when allocating more than 8192 ints in private shader memory on mac OS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6600.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6600.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6600","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35352","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35283","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35261","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35356","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35332","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35264","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35378","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35465","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3573","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35791","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3814","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38249","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3819","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38199","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38217","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38182","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.38158","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6600"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296635","reference_id":"2296635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296635"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-29/","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:08:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-30/","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:08:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-31/","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:08:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-32/","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:08:57Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-32/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1888340","reference_id":"show_bug.cgi?id=1888340","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T16:08:57Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1888340"},{"reference_url":"https://usn.ubuntu.com/6903-1/","reference_id":"USN-6903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-6600"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8mb-cdc3-6ydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51395?format=json","vulnerability_id":"VCID-tfny-yt17-mffx","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4054.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4054","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09461","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09133","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09114","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09319","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09255","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09227","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09302","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09374","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09353","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09384","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09242","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09164","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09243","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09281","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09284","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09254","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0924","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2228366","reference_id":"2228366","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2228366"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-29/","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-30","reference_id":"mfsa2023-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-30/","reference_id":"mfsa2023-30","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31","reference_id":"mfsa2023-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-31/","reference_id":"mfsa2023-31","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-32","reference_id":"mfsa2023-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-32/","reference_id":"mfsa2023-32","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-32/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33","reference_id":"mfsa2023-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-33/","reference_id":"mfsa2023-33","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-33/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1840777","reference_id":"show_bug.cgi?id=1840777","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1840777"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4054"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfny-yt17-mffx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62629?format=json","vulnerability_id":"VCID-tjp3-ck7p-5qg3","summary":"An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2605.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2605.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2605","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55127","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55125","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55105","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55058","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55032","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.54982","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55024","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55082","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55042","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55068","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.5506","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55085","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55061","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.5511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55122","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2605"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270659","reference_id":"2270659","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270659"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-12","reference_id":"mfsa2024-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-12"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-12/","reference_id":"mfsa2024-12","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-19T14:48:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-12/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13","reference_id":"mfsa2024-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-13/","reference_id":"mfsa2024-13","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-19T14:48:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-14","reference_id":"mfsa2024-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-14/","reference_id":"mfsa2024-14","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-19T14:48:39Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-14/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1872920","reference_id":"show_bug.cgi?id=1872920","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-19T14:48:39Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1872920"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-2605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjp3-ck7p-5qg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63432?format=json","vulnerability_id":"VCID-tnxh-tgsm-tuex","summary":"A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22746.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22746","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30548","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30979","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31009","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30992","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30958","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30799","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30681","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30458","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30526","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30481","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31111","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31158","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31033","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31062","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31068","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31024","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22746"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039560","reference_id":"2039560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039560"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:59:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:59:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:59:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735071","reference_id":"show_bug.cgi?id=1735071","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:59:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735071"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-22746"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnxh-tgsm-tuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51408?format=json","vulnerability_id":"VCID-tq43-rx5u-eybv","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4583.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4583","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34561","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3499","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34931","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34701","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34682","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.3459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34531","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34569","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34465","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34492","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35026","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34933","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35007","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35011","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34951","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4583"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236082","reference_id":"2236082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236082"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T19:09:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T19:09:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T19:09:13Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1842030","reference_id":"show_bug.cgi?id=1842030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T19:09:13Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1842030"},{"reference_url":"https://usn.ubuntu.com/6320-1/","reference_id":"USN-6320-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6320-1/"},{"reference_url":"https://usn.ubuntu.com/6405-1/","reference_id":"USN-6405-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6405-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4583"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tq43-rx5u-eybv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33945?format=json","vulnerability_id":"VCID-u5n5-6h82-tqhw","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25734.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25734","reference_id":"","reference_type":"","scores":[{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39101","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39535","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39546","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39541","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39233","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39217","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39136","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39078","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39095","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39027","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39526","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39549","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170384","reference_id":"2170384","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170384"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1784451","reference_id":"show_bug.cgi?id=1784451","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1784451"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1809923","reference_id":"show_bug.cgi?id=1809923","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1809923"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810143","reference_id":"show_bug.cgi?id=1810143","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810143"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1812338","reference_id":"show_bug.cgi?id=1812338","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1812338"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5n5-6h82-tqhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63154?format=json","vulnerability_id":"VCID-urpr-qse2-7kcf","summary":"Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26966.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26966","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63546","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63502","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63467","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63494","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63387","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63352","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63439","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63386","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63407","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63437","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63433","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63405","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26966"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898740","reference_id":"1898740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-50","reference_id":"mfsa2020-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-50"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51","reference_id":"mfsa2020-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-52","reference_id":"mfsa2020-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-26966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urpr-qse2-7kcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63324?format=json","vulnerability_id":"VCID-uuc6-a3xx-6khk","summary":"Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a \"URL Handler\" in the Windows registry.  *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9801.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9801","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58812","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58768","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58795","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58752","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.5872","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58772","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58798","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58759","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58792","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58797","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58775","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58743","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58758","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58742","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58709","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58754","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690682","reference_id":"1690682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690682"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2019-9801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuc6-a3xx-6khk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50247?format=json","vulnerability_id":"VCID-v9ua-1tey-cyaa","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46875.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46875","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34412","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34545","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34517","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34404","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34457","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35464","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35378","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60558","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60408","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60455","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60513","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60471","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60497","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46875"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153451","reference_id":"2153451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153451"},{"reference_url":"https://security.gentoo.org/glsa/202305-06","reference_id":"GLSA-202305-06","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:56:00Z/"}],"url":"https://security.gentoo.org/glsa/202305-06"},{"reference_url":"https://security.gentoo.org/glsa/202305-13","reference_id":"GLSA-202305-13","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:56:00Z/"}],"url":"https://security.gentoo.org/glsa/202305-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-51","reference_id":"mfsa2022-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-51"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-51/","reference_id":"mfsa2022-51","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-51/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-52","reference_id":"mfsa2022-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-52"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-52/","reference_id":"mfsa2022-52","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-52/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-53","reference_id":"mfsa2022-53","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-53"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-53/","reference_id":"mfsa2022-53","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:56:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-53/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1786188","reference_id":"show_bug.cgi?id=1786188","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:56:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1786188"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-46875"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9ua-1tey-cyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38344?format=json","vulnerability_id":"VCID-vtjf-sufh-p3h4","summary":"crossbeam-deque Data Race before v0.7.4 and v0.8.1\n### Impact\n\nIn the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug.\n\nCrates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue.\n\n### Patches\n\nThis has been fixed in crossbeam-deque 0.8.1 and 0.7.4.\n\n### Credits\n\nThis issue was reported and fixed by Maor Kleinberger.\n\n### License\n\nThis advisory is in the public domain.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32810.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32810","reference_id":"","reference_type":"","scores":[{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.7782","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77787","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77804","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.7777","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01079","scoring_system":"epss","scoring_elements":"0.77777","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78046","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78038","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78013","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.77979","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.7798","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78006","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78164","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78121","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78102","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78112","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78095","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78059","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32810"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/crossbeam-rs/crossbeam","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/crossbeam-rs/crossbeam"},{"reference_url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32810","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32810"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0093.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0093.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1990342","reference_id":"1990342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1990342"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993146","reference_id":"993146","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993146"},{"reference_url":"https://security.archlinux.org/AVG-2443","reference_id":"AVG-2443","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2443"},{"reference_url":"https://security.archlinux.org/AVG-2459","reference_id":"AVG-2459","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2459"},{"reference_url":"https://github.com/advisories/GHSA-pqqp-xmhj-wgcw","reference_id":"GHSA-pqqp-xmhj-wgcw","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pqqp-xmhj-wgcw"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43","reference_id":"mfsa2021-43","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-43"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45","reference_id":"mfsa2021-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47","reference_id":"mfsa2021-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3755","reference_id":"RHSA-2021:3755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3756","reference_id":"RHSA-2021:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3757","reference_id":"RHSA-2021:3757","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3791","reference_id":"RHSA-2021:3791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3838","reference_id":"RHSA-2021:3838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3839","reference_id":"RHSA-2021:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3840","reference_id":"RHSA-2021:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3841","reference_id":"RHSA-2021:3841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3841"},{"reference_url":"https://usn.ubuntu.com/5107-1/","reference_id":"USN-5107-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5107-1/"},{"reference_url":"https://usn.ubuntu.com/5132-1/","reference_id":"USN-5132-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5132-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32810","GHSA-pqqp-xmhj-wgcw"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtjf-sufh-p3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63132?format=json","vulnerability_id":"VCID-vun4-z8ju-gbbc","summary":"If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with system privileges.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15663.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15663","reference_id":"","reference_type":"","scores":[{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82332","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82219","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82234","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82256","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82278","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82275","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82291","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82074","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82107","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82103","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.8213","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82137","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82156","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82147","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82141","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82179","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82182","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01674","scoring_system":"epss","scoring_elements":"0.82216","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15663"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1872530","reference_id":"1872530","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1872530"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-37","reference_id":"mfsa2020-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-38","reference_id":"mfsa2020-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-38"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-40","reference_id":"mfsa2020-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-40"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-41","reference_id":"mfsa2020-41","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-41"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vun4-z8ju-gbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51420?format=json","vulnerability_id":"VCID-vw4n-4r41-ukbp","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5727.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5727","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43585","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43671","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43589","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43536","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43554","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43491","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43521","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43783","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43804","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43795","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43728","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245902","reference_id":"2245902","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245902"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-45","reference_id":"mfsa2023-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-45"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-45/","reference_id":"mfsa2023-45","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:47:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-45/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-46","reference_id":"mfsa2023-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-46/","reference_id":"mfsa2023-46","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:47:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-47","reference_id":"mfsa2023-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-47/","reference_id":"mfsa2023-47","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:47:05Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-47/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1847180","reference_id":"show_bug.cgi?id=1847180","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:47:05Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1847180"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-5727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vw4n-4r41-ukbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31210?format=json","vulnerability_id":"VCID-vzg5-b77s-g3ft","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34478.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34478","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34962","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35384","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35373","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3532","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35086","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34976","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34855","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34927","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34868","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34894","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.3533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35401","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35403","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35367","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35345","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102167","reference_id":"2102167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102167"},{"reference_url":"https://security.gentoo.org/glsa/202208-08","reference_id":"GLSA-202208-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-08"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-24"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-24/","reference_id":"mfsa2022-24","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-24/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-25"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-25/","reference_id":"mfsa2022-25","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-25/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-26"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-26/","reference_id":"mfsa2022-26","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-26/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773717","reference_id":"show_bug.cgi?id=1773717","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T18:14:23Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1773717"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-34478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzg5-b77s-g3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63143?format=json","vulnerability_id":"VCID-wk26-kc1d-9qcy","summary":"Firefox could be made to load attacker-supplied DLL files from the installation directory.\nThis required an attacker that is already capable of placing files in the installation directory.\n*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15657.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15657","reference_id":"","reference_type":"","scores":[{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41769","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41759","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.4167","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41694","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41965","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42026","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42055","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41992","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42054","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42013","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42062","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.42035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41898","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41813","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41673","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00199","scoring_system":"epss","scoring_elements":"0.41742","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861648","reference_id":"1861648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861648"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30","reference_id":"mfsa2020-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32","reference_id":"mfsa2020-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33","reference_id":"mfsa2020-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wk26-kc1d-9qcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63399?format=json","vulnerability_id":"VCID-wzxk-316c-xqcg","summary":"When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31739.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31739","reference_id":"","reference_type":"","scores":[{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65123","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64981","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64992","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64976","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64996","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65008","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65005","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64986","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65034","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65076","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65045","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.65067","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.6491","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64937","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.649","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.6495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64982","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64972","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31739"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092022","reference_id":"2092022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092022"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-20/","reference_id":"mfsa2022-20","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:52:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-20/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-21"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-21/","reference_id":"mfsa2022-21","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:52:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-21/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-22"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-22/","reference_id":"mfsa2022-22","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:52:42Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-22/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1765049","reference_id":"show_bug.cgi?id=1765049","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-16T13:52:42Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1765049"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2022-31739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzxk-316c-xqcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35134?format=json","vulnerability_id":"VCID-x8sj-apw2-e3h6","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29981","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63556","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63442","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63459","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63512","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63477","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63504","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6331","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63415","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63432","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6345","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63417","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63435","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63447","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29981"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"},{"reference_url":"https://usn.ubuntu.com/5037-1/","reference_id":"USN-5037-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5037-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-29981"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8sj-apw2-e3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51392?format=json","vulnerability_id":"VCID-xrg1-azru-5qf1","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4051.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4051.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4051","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34193","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34196","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34236","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34165","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34301","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36094","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36202","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.35997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36065","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36091","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36002","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36024","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3646","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36232","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236076","reference_id":"2236076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236076"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-29/","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:40:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:40:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:40:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1821884","reference_id":"show_bug.cgi?id=1821884","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:40:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1821884"},{"reference_url":"https://usn.ubuntu.com/6267-1/","reference_id":"USN-6267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4051"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrg1-azru-5qf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63200?format=json","vulnerability_id":"VCID-yfmg-82tr-gfec","summary":"The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer.*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38510.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38510.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38510","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64619","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64479","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64472","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64492","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64505","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64526","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64572","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64543","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64566","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64446","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64462","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64535","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64482","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0047","scoring_system":"epss","scoring_elements":"0.64564","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38510"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019629","reference_id":"2019629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2019629"},{"reference_url":"https://security.archlinux.org/AVG-2512","reference_id":"AVG-2512","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2512"},{"reference_url":"https://security.archlinux.org/AVG-2519","reference_id":"AVG-2519","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2519"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38510"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfmg-82tr-gfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51394?format=json","vulnerability_id":"VCID-ygrd-4scr-wkau","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4053.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4053","reference_id":"","reference_type":"","scores":[{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34434","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34547","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3446","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34335","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34406","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34445","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3434","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34366","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34931","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3481","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34855","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.3485","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34826","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34865","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34849","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34805","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00145","scoring_system":"epss","scoring_elements":"0.34567","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236078","reference_id":"2236078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236078"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-29/","reference_id":"mfsa2023-29","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:53Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839079","reference_id":"show_bug.cgi?id=1839079","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:53Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839079"},{"reference_url":"https://usn.ubuntu.com/6267-1/","reference_id":"USN-6267-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6267-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940917?format=json","purl":"pkg:deb/debian/thunderbird@1:115.2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-4053"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygrd-4scr-wkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62623?format=json","vulnerability_id":"VCID-yust-3g8v-muas","summary":"The executable file warning was not presented when downloading .xrm-ms files.  *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3863.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3863","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56704","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56683","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56693","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56691","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56663","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.566","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56602","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56557","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56604","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56667","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56641","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56642","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56664","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56643","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56695","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56699","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56708","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3863"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275554","reference_id":"2275554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275554"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-18","reference_id":"mfsa2024-18","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-18"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-18/","reference_id":"mfsa2024-18","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T15:24:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-18/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-19","reference_id":"mfsa2024-19","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-19"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-19/","reference_id":"mfsa2024-19","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T15:24:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-19/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-20","reference_id":"mfsa2024-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-20"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-20/","reference_id":"mfsa2024-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T15:24:10Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-20/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1885855","reference_id":"show_bug.cgi?id=1885855","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T15:24:10Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1885855"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2024-3863"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yust-3g8v-muas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63603?format=json","vulnerability_id":"VCID-z23q-ts2f-17a3","summary":"Normally Mozilla-based clients prevent web content from linking to local files\nbut Eric Foley reports a partial bypass of this restriction by using Windows\nfilename syntax (on a Windows computer) rather than a file:/// URL as the\nSRC= attribute. The image will not be loaded on the web page--it will appear as\na broken image--but if a user can be convinced to right-click and select\n\"View Image\" then the content will be loaded. Since the image will replace\nthe current document attacker script cannot be run on it. Loading a local\nfile at a known location is about the extent of this attack.If the local file is a media file an external helper program may be launched\nto play the media depending on your settings. The action will be the same\nas if you had clicked on a remote link of the same media type and does not\npresent any additional risk. Local files identified as executable will\nnever be opened in this way, with \"executable\" broadly\ndefined on windows to include many scriptable document formats with a history\nof being abused.By referencing a local device rather than a file this could be used\nas a limited denial-of-service attack to hang the browser.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1942","reference_id":"","reference_type":"","scores":[{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86577","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86371","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86381","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.864","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86443","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86442","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86453","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86457","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86451","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.8647","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.8648","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86498","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86517","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86531","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0294","scoring_system":"epss","scoring_elements":"0.86543","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1942","reference_id":"CVE-2006-1942","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1942"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-39","reference_id":"mfsa2006-39","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2006-1942"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z23q-ts2f-17a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63046?format=json","vulnerability_id":"VCID-zdbt-zhtq-xfhj","summary":"Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox running on other operating systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11713.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11713","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11217","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11147","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1115","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11193","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11255","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11124","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11122","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11259","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11319","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11258","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11178","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11374","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13152","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13181","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11713"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403767","reference_id":"2403767","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2403767"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-81"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-81/","reference_id":"mfsa2025-81","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-83"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-83/","reference_id":"mfsa2025-83","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-84"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-84/","reference_id":"mfsa2025-84","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-85"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-85/","reference_id":"mfsa2025-85","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1986142","reference_id":"show_bug.cgi?id=1986142","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1986142"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-11713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdbt-zhtq-xfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51419?format=json","vulnerability_id":"VCID-zjn8-79ab-tqd3","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5726.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5726.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5726","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38359","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.385","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38476","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38268","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38339","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3835","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.3826","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38286","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38752","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38774","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38703","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38753","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38776","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38739","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38712","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38758","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38736","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38657","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5726"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245901","reference_id":"2245901","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245901"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-45","reference_id":"mfsa2023-45","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-45"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-45/","reference_id":"mfsa2023-45","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:53:41Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-45/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-46","reference_id":"mfsa2023-46","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-46"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-46/","reference_id":"mfsa2023-46","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:53:41Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-46/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-47","reference_id":"mfsa2023-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-47"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-47/","reference_id":"mfsa2023-47","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:53:41Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-47/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846205","reference_id":"show_bug.cgi?id=1846205","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:53:41Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940805?format=json","purl":"pkg:deb/debian/thunderbird@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2023-5726"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjn8-79ab-tqd3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie"}