{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","type":"deb","namespace":"debian","name":"thunderbird","version":"1:140.5.0esr-1~deb11u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:140.5.0esr-1~deb12u1","latest_non_vulnerable_version":"1:140.10.0esr-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63013?format=json","vulnerability_id":"VCID-4bw1-v6ze-kbds","summary":"Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13018","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414079","reference_id":"2414079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984940","reference_id":"show_bug.cgi?id=1984940","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:10:48Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1984940"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13018"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bw1-v6ze-kbds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63014?format=json","vulnerability_id":"VCID-4kd3-95cm-g3fc","summary":"Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13019","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414084","reference_id":"2414084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988412","reference_id":"show_bug.cgi?id=1988412","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:59:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1988412"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13019"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kd3-95cm-g3fc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63011?format=json","vulnerability_id":"VCID-962a-dwqf-3ycg","summary":"Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13016.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13016","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09736","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09765","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14709","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14515","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14508","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23596","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23702","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414083","reference_id":"2414083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414083"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992130","reference_id":"show_bug.cgi?id=1992130","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:12:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1992130"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13016"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-962a-dwqf-3ycg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63010?format=json","vulnerability_id":"VCID-dgwm-n1zx-qkbq","summary":"Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13012.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13012","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09604","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09794","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09746","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09632","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10314","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16056","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16097","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16207","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16094","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22148","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22319","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22362","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2223","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414086","reference_id":"2414086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414086"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991458","reference_id":"show_bug.cgi?id=1991458","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T15:37:17Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991458"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13012"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgwm-n1zx-qkbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63016?format=json","vulnerability_id":"VCID-e7jk-vs8y-fyhr","summary":"Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13020","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10752","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10935","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10739","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17573","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17663","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17549","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23525","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23596","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23702","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414085","reference_id":"2414085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414085"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1995686","reference_id":"show_bug.cgi?id=1995686","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T14:56:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1995686"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7jk-vs8y-fyhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63019?format=json","vulnerability_id":"VCID-kdwy-7p45-hbcs","summary":"Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13015.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13015","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08124","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11327","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11227","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11268","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1334","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13302","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13908","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28116","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27955","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414090","reference_id":"2414090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414090"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994164","reference_id":"show_bug.cgi?id=1994164","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:30:38Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994164"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13015"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdwy-7p45-hbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63017?format=json","vulnerability_id":"VCID-qgvy-hzsx-hkge","summary":"Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13014.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13014","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13292","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13254","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13205","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13848","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20524","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.2064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20492","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20527","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.265","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26456","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26276","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414080","reference_id":"2414080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414080"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994241","reference_id":"show_bug.cgi?id=1994241","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:33:45Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1994241"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13014"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgvy-hzsx-hkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63015?format=json","vulnerability_id":"VCID-ukut-zyjx-93gq","summary":"Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13013","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11977","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12178","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12109","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12141","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.1198","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12681","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16907","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16891","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26153","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414091","reference_id":"2414091","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414091"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-89"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-89/","reference_id":"mfsa2025-89","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-89/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991945","reference_id":"show_bug.cgi?id=1991945","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-13T15:35:19Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1991945"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13013"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukut-zyjx-93gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63012?format=json","vulnerability_id":"VCID-wz6r-xzm9-m7hp","summary":"Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13017","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10034","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10136","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18762","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18708","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-13017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414092","reference_id":"2414092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414092"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-87"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-87/","reference_id":"mfsa2025-87","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-87/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-88"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-88/","reference_id":"mfsa2025-88","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-88/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-90"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-90/","reference_id":"mfsa2025-90","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-90/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2025-91"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2025-91/","reference_id":"mfsa2025-91","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2025-91/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21120","reference_id":"RHSA-2025:21120","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21121","reference_id":"RHSA-2025:21121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21280","reference_id":"RHSA-2025:21280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21281","reference_id":"RHSA-2025:21281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21841","reference_id":"RHSA-2025:21841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21842","reference_id":"RHSA-2025:21842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21843","reference_id":"RHSA-2025:21843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21844","reference_id":"RHSA-2025:21844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21881","reference_id":"RHSA-2025:21881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22363","reference_id":"RHSA-2025:22363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22367","reference_id":"RHSA-2025:22367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22368","reference_id":"RHSA-2025:22368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22369","reference_id":"RHSA-2025:22369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22371","reference_id":"RHSA-2025:22371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22372","reference_id":"RHSA-2025:22372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22373","reference_id":"RHSA-2025:22373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22374","reference_id":"RHSA-2025:22374","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22374"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22375","reference_id":"RHSA-2025:22375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22449","reference_id":"RHSA-2025:22449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22450","reference_id":"RHSA-2025:22450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22451","reference_id":"RHSA-2025:22451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22791","reference_id":"RHSA-2025:22791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22792","reference_id":"RHSA-2025:22792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22882","reference_id":"RHSA-2025:22882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22883","reference_id":"RHSA-2025:22883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22883"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1980904","reference_id":"show_bug.cgi?id=1980904","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-12T15:14:51Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1980904"},{"reference_url":"https://usn.ubuntu.com/7991-1/","reference_id":"USN-7991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/940802?format=json","purl":"pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941001?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941000?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941003?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/941002?format=json","purl":"pkg:deb/debian/thunderbird@1:140.5.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940800?format=json","purl":"pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940804?format=json","purl":"pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/940803?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5dw5-vpt8-zqbz"},{"vulnerability":"VCID-9ag7-z86d-nba9"},{"vulnerability":"VCID-qbzp-euvv-q7c7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067638?format=json","purl":"pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fqb-r5zb-a7dp"},{"vulnerability":"VCID-3kv6-c148-nkhq"},{"vulnerability":"VCID-59d3-343b-e3aw"},{"vulnerability":"VCID-61r1-arbe-dke4"},{"vulnerability":"VCID-7jt2-zr49-7ye5"},{"vulnerability":"VCID-95et-ezmb-buau"},{"vulnerability":"VCID-9nbw-7c9e-13af"},{"vulnerability":"VCID-av7u-3g4m-mugm"},{"vulnerability":"VCID-bwth-uepr-z7a3"},{"vulnerability":"VCID-cjsm-7gxr-8ygw"},{"vulnerability":"VCID-d16s-p141-qbft"},{"vulnerability":"VCID-fxjm-ywug-f3d5"},{"vulnerability":"VCID-hk2m-rbdy-nqhc"},{"vulnerability":"VCID-ma29-qa7e-9qb4"},{"vulnerability":"VCID-nge1-4cvg-zqb2"},{"vulnerability":"VCID-nyum-jpbc-abew"},{"vulnerability":"VCID-p6yz-xs58-u3gm"},{"vulnerability":"VCID-pfmd-zv8f-8bfc"},{"vulnerability":"VCID-q689-wneh-hbdq"},{"vulnerability":"VCID-q8qp-5szp-mfe8"},{"vulnerability":"VCID-ruqn-mk9t-57hb"},{"vulnerability":"VCID-tv7r-qf2c-dqbm"},{"vulnerability":"VCID-w98r-yagc-kkec"},{"vulnerability":"VCID-z6tm-b352-5uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077499?format=json","purl":"pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie"}],"aliases":["CVE-2025-13017"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wz6r-xzm9-m7hp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.5.0esr-1~deb11u1%3Fdistro=trixie"}