{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","type":"deb","namespace":"debian","name":"thunderbird","version":"1:60.5.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:60.5.1-1","latest_non_vulnerable_version":"1:140.10.2esr-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36908?format=json","vulnerability_id":"VCID-mrmv-u676-c7eq","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18513","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66425","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66152","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66193","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6622","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66189","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6625","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66257","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66226","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66262","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66284","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66298","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66299","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66276","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6632","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66363","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66335","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66355","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66415","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03","reference_id":"mfsa2019-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103088?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103090?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18513"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mrmv-u676-c7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36853?format=json","vulnerability_id":"VCID-s4ey-k6yr-j7du","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5824.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5824.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5824","reference_id":"","reference_type":"","scores":[{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52743","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52754","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52579","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52631","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52676","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.5264","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00294","scoring_system":"epss","scoring_elements":"0.52665","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63404","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63422","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6343","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63426","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63297","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.6335","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63401","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63436","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375120","reference_id":"1375120","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375120"},{"reference_url":"https://security.gentoo.org/glsa/201904-02","reference_id":"GLSA-201904-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-02"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03","reference_id":"mfsa2019-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0269","reference_id":"RHSA-2019:0269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0270","reference_id":"RHSA-2019:0270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0270"},{"reference_url":"https://usn.ubuntu.com/3897-1/","reference_id":"USN-3897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3897-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103088?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103090?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5824"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4ey-k6yr-j7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36897?format=json","vulnerability_id":"VCID-tbu1-adxe-sudv","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18501.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18501","reference_id":"","reference_type":"","scores":[{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89396","published_at":"2026-05-15T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89317","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89344","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89357","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89355","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89366","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89386","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89238","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89244","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89258","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89282","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89291","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89285","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89298","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89297","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89292","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89309","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04635","scoring_system":"epss","scoring_elements":"0.89314","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4376","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4376"},{"reference_url":"https://www.debian.org/security/2019/dsa-4392","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4392"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-01/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-01/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-02/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-02/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-03/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-03/"},{"reference_url":"http://www.securityfocus.com/bid/106781","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670632","reference_id":"1670632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670632"},{"reference_url":"https://security.archlinux.org/ASA-201902-2","reference_id":"ASA-201902-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-2"},{"reference_url":"https://security.archlinux.org/AVG-862","reference_id":"AVG-862","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-862"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18501","reference_id":"CVE-2018-18501","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18501"},{"reference_url":"https://security.gentoo.org/glsa/201903-04","reference_id":"GLSA-201903-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-04"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-01","reference_id":"mfsa2019-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-02","reference_id":"mfsa2019-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03","reference_id":"mfsa2019-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0218","reference_id":"RHSA-2019:0218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0219","reference_id":"RHSA-2019:0219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0269","reference_id":"RHSA-2019:0269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0270","reference_id":"RHSA-2019:0270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0270"},{"reference_url":"https://usn.ubuntu.com/3874-1/","reference_id":"USN-3874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3874-1/"},{"reference_url":"https://usn.ubuntu.com/3897-1/","reference_id":"USN-3897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3897-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103088?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103090?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18501"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbu1-adxe-sudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36886?format=json","vulnerability_id":"VCID-tec1-8t8s-zqgb","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18500.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18500","reference_id":"","reference_type":"","scores":[{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96549","published_at":"2026-05-15T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96515","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96517","published_at":"2026-04-29T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96524","published_at":"2026-05-07T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96531","published_at":"2026-05-09T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96532","published_at":"2026-05-11T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96537","published_at":"2026-05-12T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96547","published_at":"2026-05-14T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96466","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96474","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96483","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96492","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96494","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96498","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96501","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96507","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.28229","scoring_system":"epss","scoring_elements":"0.96514","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4376","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4376"},{"reference_url":"https://www.debian.org/security/2019/dsa-4392","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4392"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-01/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-01/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-02/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-02/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-03/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-03/"},{"reference_url":"http://www.securityfocus.com/bid/106781","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670631","reference_id":"1670631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670631"},{"reference_url":"https://security.archlinux.org/ASA-201902-2","reference_id":"ASA-201902-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-2"},{"reference_url":"https://security.archlinux.org/AVG-862","reference_id":"AVG-862","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-862"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18500","reference_id":"CVE-2018-18500","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18500"},{"reference_url":"https://security.gentoo.org/glsa/201903-04","reference_id":"GLSA-201903-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-04"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-01","reference_id":"mfsa2019-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-02","reference_id":"mfsa2019-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03","reference_id":"mfsa2019-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0218","reference_id":"RHSA-2019:0218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0219","reference_id":"RHSA-2019:0219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0269","reference_id":"RHSA-2019:0269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0270","reference_id":"RHSA-2019:0270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0270"},{"reference_url":"https://usn.ubuntu.com/3874-1/","reference_id":"USN-3874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3874-1/"},{"reference_url":"https://usn.ubuntu.com/3897-1/","reference_id":"USN-3897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3897-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103088?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103090?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18500"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tec1-8t8s-zqgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36903?format=json","vulnerability_id":"VCID-wwgd-pew4-zkf5","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18505.json","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18505","reference_id":"","reference_type":"","scores":[{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.87034","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86932","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86953","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86971","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86989","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86984","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86998","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.87027","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86857","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86871","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.8688","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86892","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.869","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86923","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86928","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18505"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1087565","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1087565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html"},{"reference_url":"https://www.debian.org/security/2019/dsa-4376","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4376"},{"reference_url":"https://www.debian.org/security/2019/dsa-4392","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4392"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-01/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-01/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-02/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-02/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2019-03/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2019-03/"},{"reference_url":"http://www.securityfocus.com/bid/106781","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670633","reference_id":"1670633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1670633"},{"reference_url":"https://security.archlinux.org/ASA-201902-2","reference_id":"ASA-201902-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-2"},{"reference_url":"https://security.archlinux.org/AVG-862","reference_id":"AVG-862","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-862"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18505","reference_id":"CVE-2018-18505","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"10.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-18505"},{"reference_url":"https://security.gentoo.org/glsa/201903-04","reference_id":"GLSA-201903-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-04"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-01","reference_id":"mfsa2019-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-02","reference_id":"mfsa2019-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03","reference_id":"mfsa2019-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0218","reference_id":"RHSA-2019:0218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0219","reference_id":"RHSA-2019:0219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0269","reference_id":"RHSA-2019:0269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0270","reference_id":"RHSA-2019:0270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0270"},{"reference_url":"https://usn.ubuntu.com/3874-1/","reference_id":"USN-3874-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3874-1/"},{"reference_url":"https://usn.ubuntu.com/3897-1/","reference_id":"USN-3897-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3897-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103088?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103090?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18505"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwgd-pew4-zkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36906?format=json","vulnerability_id":"VCID-yr3u-k2gz-n3d3","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird and\n    Firefox, the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18512","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62051","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61783","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61857","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61858","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61924","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61945","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61933","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.6196","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61942","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61939","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61949","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61895","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61957","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.61984","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62037","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18501"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5785"},{"reference_url":"https://security.gentoo.org/glsa/201904-07","reference_id":"GLSA-201904-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03","reference_id":"mfsa2019-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940809?format=json","purl":"pkg:deb/debian/thunderbird@1:60.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-pszh-x9gd-xyg4"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-ufku-v5vq-4yef"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103088?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103090?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103087?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3a6f-173h-fqbz"},{"vulnerability":"VCID-4e49-6tg2-e7d9"},{"vulnerability":"VCID-pszh-x9gd-xyg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112589?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.2esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.2esr-1%3Fdistro=trixie"}],"aliases":["CVE-2018-18512"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr3u-k2gz-n3d3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:60.5.0-1%3Fdistro=trixie"}