Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/94519?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "type": "deb", "namespace": "debian", "name": "firefox", "version": "63.0-1", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "64.0-1", "latest_non_vulnerable_version": "151.0.3-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1505?format=api", "vulnerability_id": "VCID-2bmn-k25n-v3f8", "summary": "By rewriting the Host request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12395.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12395.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.8325", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83237", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83249", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83244", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01823", "scoring_system": "epss", "scoring_elements": "0.83248", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642185", "reference_id": "1642185", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642185" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://security.gentoo.org/glsa/201811-04", "reference_id": "GLSA-201811-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27", "reference_id": "mfsa2018-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3005", "reference_id": "RHSA-2018:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3006", "reference_id": "RHSA-2018:3006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3006" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12395" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bmn-k25n-v3f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1485?format=api", "vulnerability_id": "VCID-3pet-js6n-gyfe", "summary": "Mozilla developers and community members Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, and Bogdan Tara reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12390.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84515", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84504", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84528", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84532", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84527", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642180", "reference_id": "1642180", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642180" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/ASA-201811-10", "reference_id": "ASA-201811-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-10" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://security.archlinux.org/AVG-803", "reference_id": "AVG-803", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-803" }, { "reference_url": "https://security.gentoo.org/glsa/201811-04", "reference_id": "GLSA-201811-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-04" }, { "reference_url": "https://security.gentoo.org/glsa/201811-13", "reference_id": "GLSA-201811-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27", "reference_id": "mfsa2018-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-28", "reference_id": "mfsa2018-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3005", "reference_id": "RHSA-2018:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3006", "reference_id": "RHSA-2018:3006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3531", "reference_id": "RHSA-2018:3531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3532", "reference_id": "RHSA-2018:3532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3532" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" }, { "reference_url": "https://usn.ubuntu.com/3868-1/", "reference_id": "USN-3868-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3868-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12390" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pet-js6n-gyfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1514?format=api", "vulnerability_id": "VCID-9pxs-eg11-4qec", "summary": "Mozilla developers and community members Christian Holler, Dana Keeler, Ronald Crane, Marcia Knous, Tyson Smith, Daniel Veditz, and Steve Fink reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62943", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.6294", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62926", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62899", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.62941", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00431", "scoring_system": "epss", "scoring_elements": "0.6295", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692663", "reference_id": "1692663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692663" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12388" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9pxs-eg11-4qec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1509?format=api", "vulnerability_id": "VCID-9s8d-7dyf-eqcu", "summary": "The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of \"Save Page As...\" functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resources otherwise unreachable to the malicious page, if they can convince the visitor to save the complete web page. Similarly, SameSite cookies are sent on cross-origin requests when the \"Save Page As...\" menu item is selected to save a page, which can result in saving the wrong version of resources based on those cookies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52934", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.5289", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52867", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52928", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696127", "reference_id": "1696127", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696127" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12402" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9s8d-7dyf-eqcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1508?format=api", "vulnerability_id": "VCID-dzp5-hz9r-73hh", "summary": "By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42675", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42701", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42665", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42639", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42713", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42724", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12398" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693621", "reference_id": "1693621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693621" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12398" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzp5-hz9r-73hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1510?format=api", "vulnerability_id": "VCID-gfs7-5q12-5ycr", "summary": "When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12399.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56423", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56422", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56405", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56372", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56428", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56434", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12399" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693614", "reference_id": "1693614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693614" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12399" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfs7-5q12-5ycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1506?format=api", "vulnerability_id": "VCID-mbjq-bddf-afc3", "summary": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12396.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12396.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72513", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72489", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72522", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72502", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72515", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642186", "reference_id": "1642186", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642186" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://security.gentoo.org/glsa/201811-04", "reference_id": "GLSA-201811-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27", "reference_id": "mfsa2018-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3005", "reference_id": "RHSA-2018:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3006", "reference_id": "RHSA-2018:3006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3006" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12396" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbjq-bddf-afc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1483?format=api", "vulnerability_id": "VCID-mwsp-vbxu-mqdn", "summary": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12393.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02987", "scoring_system": "epss", "scoring_elements": "0.86816", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02987", "scoring_system": "epss", "scoring_elements": "0.86804", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02987", "scoring_system": "epss", "scoring_elements": "0.86818", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02987", "scoring_system": "epss", "scoring_elements": "0.86797", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02987", "scoring_system": "epss", "scoring_elements": "0.86814", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02987", "scoring_system": "epss", "scoring_elements": "0.8682", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642183", "reference_id": "1642183", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642183" }, { "reference_url": "https://security.gentoo.org/glsa/201811-04", "reference_id": "GLSA-201811-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-04" }, { "reference_url": "https://security.gentoo.org/glsa/201811-13", "reference_id": "GLSA-201811-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27", "reference_id": "mfsa2018-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-28", "reference_id": "mfsa2018-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3005", "reference_id": "RHSA-2018:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3006", "reference_id": "RHSA-2018:3006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3531", "reference_id": "RHSA-2018:3531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3532", "reference_id": "RHSA-2018:3532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3532" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" }, { "reference_url": "https://usn.ubuntu.com/3868-1/", "reference_id": "USN-3868-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3868-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12393" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwsp-vbxu-mqdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1513?format=api", "vulnerability_id": "VCID-u1fk-c5jh-4ydv", "summary": "If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61741", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.6175", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61738", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61723", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61695", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61743", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692373", "reference_id": "1692373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1692373" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12403" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1fk-c5jh-4ydv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1512?format=api", "vulnerability_id": "VCID-w4pz-897n-8yac", "summary": "Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73239", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73228", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73215", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73203", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7324", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73246", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693626", "reference_id": "1693626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693626" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12401" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pz-897n-8yac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1507?format=api", "vulnerability_id": "VCID-wvyv-n7c3-vyfu", "summary": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12397.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12397.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2159", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21582", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21685", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2162", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2164", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21698", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642187", "reference_id": "1642187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642187" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://security.gentoo.org/glsa/201811-04", "reference_id": "GLSA-201811-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27", "reference_id": "mfsa2018-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3005", "reference_id": "RHSA-2018:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3006", "reference_id": "RHSA-2018:3006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3006" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12397" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvyv-n7c3-vyfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1482?format=api", "vulnerability_id": "VCID-z1v7-msh8-2qha", "summary": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12392.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04967", "scoring_system": "epss", "scoring_elements": "0.8988", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.04967", "scoring_system": "epss", "scoring_elements": "0.89849", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04967", "scoring_system": "epss", "scoring_elements": "0.89865", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04967", "scoring_system": "epss", "scoring_elements": "0.89866", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04967", "scoring_system": "epss", "scoring_elements": "0.89863", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04967", "scoring_system": "epss", "scoring_elements": "0.89864", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12396" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12397" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642182", "reference_id": "1642182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642182" }, { "reference_url": "https://security.archlinux.org/ASA-201810-14", "reference_id": "ASA-201810-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-14" }, { "reference_url": "https://security.archlinux.org/ASA-201811-10", "reference_id": "ASA-201811-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-10" }, { "reference_url": "https://security.archlinux.org/AVG-787", "reference_id": "AVG-787", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-787" }, { "reference_url": "https://security.archlinux.org/AVG-803", "reference_id": "AVG-803", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-803" }, { "reference_url": "https://security.gentoo.org/glsa/201811-04", "reference_id": "GLSA-201811-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-04" }, { "reference_url": "https://security.gentoo.org/glsa/201811-13", "reference_id": "GLSA-201811-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26", "reference_id": "mfsa2018-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27", "reference_id": "mfsa2018-27", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-28", "reference_id": "mfsa2018-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3005", "reference_id": "RHSA-2018:3005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3006", "reference_id": "RHSA-2018:3006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3531", "reference_id": "RHSA-2018:3531", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3532", "reference_id": "RHSA-2018:3532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3532" }, { "reference_url": "https://usn.ubuntu.com/3801-1/", "reference_id": "USN-3801-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3801-1/" }, { "reference_url": "https://usn.ubuntu.com/3868-1/", "reference_id": "USN-3868-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3868-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94519?format=api", "purl": "pkg:deb/debian/firefox@63.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2018-12392" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1v7-msh8-2qha" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@63.0-1%3Fdistro=sid" }