Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/941007?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "thunderbird", "version": "1:140.7.0esr-1~deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:140.7.0esr-1~deb13u1", "latest_non_vulnerable_version": "1:140.10.0esr-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62766?format=api", "vulnerability_id": "VCID-6cx1-8t9m-u3av", "summary": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0886.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04788", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04763", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04594", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04551", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04541", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04566", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0886" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0886" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978", "reference_id": "2428978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428978" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658", "reference_id": "show_bug.cgi?id=2005658", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:27:39Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0886" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cx1-8t9m-u3av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62767?format=api", "vulnerability_id": "VCID-8u4y-zrhv-8fe9", "summary": "Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02851", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02794", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02759", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02737", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02714", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02806", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02701", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02691", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02711", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972", "reference_id": "2428972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500", "reference_id": "show_bug.cgi?id=2006500", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:32:40Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0887" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u4y-zrhv-8fe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62761?format=api", "vulnerability_id": "VCID-a98z-hwzc-wkcj", "summary": "Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0882.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0882" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0882" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966", "reference_id": "2428966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125", "reference_id": "show_bug.cgi?id=1924125", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:21:25Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0882" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a98z-hwzc-wkcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62768?format=api", "vulnerability_id": "VCID-deth-9krh-kufj", "summary": "Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04185", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0415", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04067", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04028", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04048", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04011", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04132", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03993", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03981", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971", "reference_id": "2428971", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081", "reference_id": "show_bug.cgi?id=2005081", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T15:30:33Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0890" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deth-9krh-kufj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62764?format=api", "vulnerability_id": "VCID-h2gc-zk2a-1fg6", "summary": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07167", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07196", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0714", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07117", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07216", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07092", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07115", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07178", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07187", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967", "reference_id": "2428967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428967" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588", "reference_id": "show_bug.cgi?id=2003588", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T15:35:44Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0884" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2gc-zk2a-1fg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62765?format=api", "vulnerability_id": "VCID-jybh-8px4-pqau", "summary": "Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05915", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05904", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05729", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05657", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05868", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05835", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05686", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05676", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0572", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05726", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961", "reference_id": "2428961", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428961" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607", "reference_id": "show_bug.cgi?id=2003607", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T20:24:43Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0885" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jybh-8px4-pqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62762?format=api", "vulnerability_id": "VCID-kk2m-2mxz-sbex", "summary": "Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird < 146, Firefox ESR < 140.7, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02659", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.0268", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03403", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03391", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03439", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03577", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03532", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03527", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03521", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14327" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507", "reference_id": "2420507", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420507" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-92/", "reference_id": "mfsa2025-92", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2025-95/", "reference_id": "mfsa2025-95", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743", "reference_id": "show_bug.cgi?id=1970743", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-11T20:42:08Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-14327" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kk2m-2mxz-sbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62758?format=api", "vulnerability_id": "VCID-ndd4-kd1y-z7ep", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07767", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07789", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07783", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07827", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07821", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07739", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07838", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965", "reference_id": "2428965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428965" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989", "reference_id": "show_bug.cgi?id=2003989", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:40:42Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0878" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndd4-kd1y-z7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62769?format=api", "vulnerability_id": "VCID-nkpq-9gd6-nuc4", "summary": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0891.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06821", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06643", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06742", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06673", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06662", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0682", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06826", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06845", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0891" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0891" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963", "reference_id": "2428963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428963" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_id": "buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-15T04:56:05Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T14:32:50Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0891" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkpq-9gd6-nuc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62759?format=api", "vulnerability_id": "VCID-pemg-ndu8-wbbc", "summary": "Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0879.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07299", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07325", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07319", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07331", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07229", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07362", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07309", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973", "reference_id": "2428973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428973" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602", "reference_id": "show_bug.cgi?id=2004602", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:37:22Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0879" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pemg-ndu8-wbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62760?format=api", "vulnerability_id": "VCID-qm8f-f8nr-qba9", "summary": "Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.0575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05743", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05555", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05568", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05595", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05571", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05534", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05672", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05498", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05549", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975", "reference_id": "2428975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428975" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014", "reference_id": "show_bug.cgi?id=2005014", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T18:40:37Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0880" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm8f-f8nr-qba9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62757?format=api", "vulnerability_id": "VCID-t2c3-smqc-zkba", "summary": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06481", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06468", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06343", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06302", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06445", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06429", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0627", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06318", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969", "reference_id": "2428969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428969" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "reference_id": "mfsa2026-02", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257", "reference_id": "show_bug.cgi?id=1999257", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:24:18Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0877" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2c3-smqc-zkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62763?format=api", "vulnerability_id": "VCID-zdxh-fp2e-47dd", "summary": "Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03207", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03158", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03094", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03165", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03163", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03043", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03034", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03069", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0883" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968", "reference_id": "2428968", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428968" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "reference_id": "mfsa2026-01", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "reference_id": "mfsa2026-03", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "reference_id": "mfsa2026-04", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "reference_id": "mfsa2026-05", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0667", "reference_id": "RHSA-2026:0667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0694", "reference_id": "RHSA-2026:0694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0924", "reference_id": "RHSA-2026:0924", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1320", "reference_id": "RHSA-2026:1320", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1320" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1413", "reference_id": "RHSA-2026:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1414", "reference_id": "RHSA-2026:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1415", "reference_id": "RHSA-2026:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1461", "reference_id": "RHSA-2026:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1462", "reference_id": "RHSA-2026:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1471", "reference_id": "RHSA-2026:1471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1487", "reference_id": "RHSA-2026:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2041", "reference_id": "RHSA-2026:2041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2043", "reference_id": "RHSA-2026:2043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2044", "reference_id": "RHSA-2026:2044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2047", "reference_id": "RHSA-2026:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2069", "reference_id": "RHSA-2026:2069", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2069" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2070", "reference_id": "RHSA-2026:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2073", "reference_id": "RHSA-2026:2073", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2073" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2074", "reference_id": "RHSA-2026:2074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2220", "reference_id": "RHSA-2026:2220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2231", "reference_id": "RHSA-2026:2231", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2231" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2271", "reference_id": "RHSA-2026:2271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2286", "reference_id": "RHSA-2026:2286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2286" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340", "reference_id": "show_bug.cgi?id=1989340", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-13T15:46:59Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340" }, { "reference_url": "https://usn.ubuntu.com/7991-1/", "reference_id": "USN-7991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941008?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941007?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941010?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/941009?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.7.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { "vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2fqb-r5zb-a7dp" }, { "vulnerability": "VCID-3kv6-c148-nkhq" }, { "vulnerability": "VCID-59d3-343b-e3aw" }, { "vulnerability": "VCID-61r1-arbe-dke4" }, { "vulnerability": "VCID-7jt2-zr49-7ye5" }, { "vulnerability": "VCID-95et-ezmb-buau" }, { "vulnerability": "VCID-9nbw-7c9e-13af" }, { "vulnerability": "VCID-av7u-3g4m-mugm" }, { "vulnerability": "VCID-bwth-uepr-z7a3" }, { "vulnerability": "VCID-cjsm-7gxr-8ygw" }, { "vulnerability": "VCID-d16s-p141-qbft" }, { "vulnerability": "VCID-fxjm-ywug-f3d5" }, { "vulnerability": "VCID-hk2m-rbdy-nqhc" }, { "vulnerability": "VCID-ma29-qa7e-9qb4" }, { "vulnerability": "VCID-nge1-4cvg-zqb2" }, { "vulnerability": "VCID-nyum-jpbc-abew" }, { "vulnerability": "VCID-p6yz-xs58-u3gm" }, { "vulnerability": "VCID-pfmd-zv8f-8bfc" }, { "vulnerability": "VCID-q689-wneh-hbdq" }, { "vulnerability": "VCID-q8qp-5szp-mfe8" }, { "vulnerability": "VCID-ruqn-mk9t-57hb" }, { "vulnerability": "VCID-tv7r-qf2c-dqbm" }, { "vulnerability": "VCID-w98r-yagc-kkec" }, { "vulnerability": "VCID-z6tm-b352-5uhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1077499?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.10.0esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.0esr-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-0883" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdxh-fp2e-47dd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.7.0esr-1~deb12u1%3Fdistro=trixie" }