{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","type":"deb","namespace":"debian","name":"firefox","version":"59.0-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"59.0.1-1","latest_non_vulnerable_version":"151.0.3-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1412?format=json","vulnerability_id":"VCID-1vcg-jqmc-hbgv","summary":"Mozilla developers and community members Bob Clary, Olli Pettay, Christian Holler, Nils Ohlmeier, Randell Jesup, Tyson Smith, Ralph Giles, and Philipp reported memory safety bugs present in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5125.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5125","reference_id":"","reference_type":"","scores":[{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.78095","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.78077","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.78092","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.78064","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.78099","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01069","scoring_system":"epss","scoring_elements":"0.78089","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555127","reference_id":"1555127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555127"},{"reference_url":"https://security.archlinux.org/ASA-201803-22","reference_id":"ASA-201803-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-22"},{"reference_url":"https://security.archlinux.org/AVG-663","reference_id":"AVG-663","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-663"},{"reference_url":"https://security.gentoo.org/glsa/201811-13","reference_id":"GLSA-201811-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07","reference_id":"mfsa2018-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09","reference_id":"mfsa2018-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0526","reference_id":"RHSA-2018:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0527","reference_id":"RHSA-2018:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0647","reference_id":"RHSA-2018:0647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0648","reference_id":"RHSA-2018:0648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0648"},{"reference_url":"https://usn.ubuntu.com/3545-1/","reference_id":"USN-3545-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3545-1/"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"},{"reference_url":"https://usn.ubuntu.com/3688-1/","reference_id":"USN-3688-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3688-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5125"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vcg-jqmc-hbgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1545?format=json","vulnerability_id":"VCID-49e6-a3c8-y3fs","summary":"Image for moz-icons can be accessed through the moz-icon: protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5140","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64191","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64139","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64188","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.6418","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64168","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5140"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5140"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49e6-a3c8-y3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1409?format=json","vulnerability_id":"VCID-55f6-dyw1-yyhe","summary":"When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5130.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5130.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5130","reference_id":"","reference_type":"","scores":[{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78914","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78917","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78907","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78896","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78883","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.7891","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555130","reference_id":"1555130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555130"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07","reference_id":"mfsa2018-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0526","reference_id":"RHSA-2018:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0527","reference_id":"RHSA-2018:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0527"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5130"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55f6-dyw1-yyhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1546?format=json","vulnerability_id":"VCID-6jfz-h35j-bqgk","summary":"A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5141","reference_id":"","reference_type":"","scores":[{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.78119","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.78085","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.78112","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.78114","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.78109","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01071","scoring_system":"epss","scoring_elements":"0.78097","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5141"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5141"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jfz-h35j-bqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1543?format=json","vulnerability_id":"VCID-6tey-drhs-37e6","summary":"A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. *Note: this vulnerability does not affect WebExtensions.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5137","reference_id":"","reference_type":"","scores":[{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80535","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80533","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80548","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80531","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80527","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5137"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5137"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tey-drhs-37e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1538?format=json","vulnerability_id":"VCID-7gbk-eeum-5qd9","summary":"The Find API for WebExtensions can search some privileged pages, such as about:debugging, if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5132","reference_id":"","reference_type":"","scores":[{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.76287","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.76258","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.76285","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.76293","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.7628","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00913","scoring_system":"epss","scoring_elements":"0.76269","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5132"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5132"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gbk-eeum-5qd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1548?format=json","vulnerability_id":"VCID-d36x-hf2d-nqav","summary":"URLs using javascript: have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the javascript: URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5143","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64878","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64826","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64868","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64874","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64867","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64856","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5143"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5143"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d36x-hf2d-nqav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1547?format=json","vulnerability_id":"VCID-d8rr-4h2a-p7f1","summary":"If Media Capture and Streams API permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown protocol\" as the requestee, leading to user confusion about which site is asking for this permission.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5142","reference_id":"","reference_type":"","scores":[{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79107","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79075","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79101","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79104","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79098","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01178","scoring_system":"epss","scoring_elements":"0.79085","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5142"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5142"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8rr-4h2a-p7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1540?format=json","vulnerability_id":"VCID-emsb-2zw6-5ycn","summary":"WebExtensions may use view-source: URLs to view local file: URL content, as well as content stored in about:cache, bypassing restrictions that only allow WebExtensions to view specific content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5134","reference_id":"","reference_type":"","scores":[{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79043","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79009","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79036","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79039","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01171","scoring_system":"epss","scoring_elements":"0.79021","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5134"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5134"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emsb-2zw6-5ycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1549?format=json","vulnerability_id":"VCID-g5dh-xm3s-wygg","summary":"Mozilla developers and community members Calixte Denizet, Christian Holler, Sebastian Hengst, Jason Kratzer, Tyson Smith, Ryan VanderMeulen, Noemi Erli, Karl Tomlinson, Philipp, Gary Kwong, and Ronald Crane reported memory safety bugs present in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5126","reference_id":"","reference_type":"","scores":[{"value":"0.02042","scoring_system":"epss","scoring_elements":"0.84182","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02042","scoring_system":"epss","scoring_elements":"0.84155","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02042","scoring_system":"epss","scoring_elements":"0.84179","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02042","scoring_system":"epss","scoring_elements":"0.84178","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02042","scoring_system":"epss","scoring_elements":"0.84177","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02042","scoring_system":"epss","scoring_elements":"0.84166","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5126"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5126"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5dh-xm3s-wygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1407?format=json","vulnerability_id":"VCID-j2t7-a23g-zqf8","summary":"A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5127.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5127.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5127","reference_id":"","reference_type":"","scores":[{"value":"0.20177","scoring_system":"epss","scoring_elements":"0.95631","published_at":"2026-06-09T12:55:00Z"},{"value":"0.20177","scoring_system":"epss","scoring_elements":"0.95627","published_at":"2026-06-08T12:55:00Z"},{"value":"0.20177","scoring_system":"epss","scoring_elements":"0.9562","published_at":"2026-06-05T12:55:00Z"},{"value":"0.20177","scoring_system":"epss","scoring_elements":"0.95614","published_at":"2026-06-04T12:55:00Z"},{"value":"0.20177","scoring_system":"epss","scoring_elements":"0.95624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.20177","scoring_system":"epss","scoring_elements":"0.95626","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555128","reference_id":"1555128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555128"},{"reference_url":"https://security.archlinux.org/ASA-201803-22","reference_id":"ASA-201803-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-22"},{"reference_url":"https://security.archlinux.org/AVG-663","reference_id":"AVG-663","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-663"},{"reference_url":"https://security.gentoo.org/glsa/201811-13","reference_id":"GLSA-201811-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07","reference_id":"mfsa2018-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09","reference_id":"mfsa2018-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0526","reference_id":"RHSA-2018:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0527","reference_id":"RHSA-2018:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0647","reference_id":"RHSA-2018:0647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0648","reference_id":"RHSA-2018:0648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0648"},{"reference_url":"https://usn.ubuntu.com/3545-1/","reference_id":"USN-3545-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3545-1/"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5127"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2t7-a23g-zqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1410?format=json","vulnerability_id":"VCID-n68h-nzeg-c3ga","summary":"Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5131.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5131","reference_id":"","reference_type":"","scores":[{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79963","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79957","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79953","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79943","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79927","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01281","scoring_system":"epss","scoring_elements":"0.79952","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555131","reference_id":"1555131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555131"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07","reference_id":"mfsa2018-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0526","reference_id":"RHSA-2018:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0527","reference_id":"RHSA-2018:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0527"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5131"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n68h-nzeg-c3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1542?format=json","vulnerability_id":"VCID-nd73-xe3m-mucf","summary":"A shared worker created from a data: URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5136","reference_id":"","reference_type":"","scores":[{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75385","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75381","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75388","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75376","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75362","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5136"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nd73-xe3m-mucf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1537?format=json","vulnerability_id":"VCID-nejp-nrps-1bcr","summary":"A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5128","reference_id":"","reference_type":"","scores":[{"value":"0.01513","scoring_system":"epss","scoring_elements":"0.81568","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01513","scoring_system":"epss","scoring_elements":"0.81538","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01513","scoring_system":"epss","scoring_elements":"0.81566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01513","scoring_system":"epss","scoring_elements":"0.81575","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01513","scoring_system":"epss","scoring_elements":"0.81567","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01513","scoring_system":"epss","scoring_elements":"0.8156","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5128"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5128"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nejp-nrps-1bcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1541?format=json","vulnerability_id":"VCID-nqp5-38n8-47gz","summary":"WebExtensions can bypass normal restrictions in some circumstances and use browser.tabs.executeScript to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged about: pages.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5135","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76927","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76919","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76926","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76916","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76904","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5135"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5135"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqp5-38n8-47gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1539?format=json","vulnerability_id":"VCID-yhvb-fyub-jfb8","summary":"If the app.support.baseURL preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads chrome://browser/content/preferences/in-content/preferences.xul directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5133","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70967","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70918","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7096","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70961","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.7095","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70936","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5133"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5133"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhvb-fyub-jfb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1408?format=json","vulnerability_id":"VCID-zuwx-k59j-zqap","summary":"A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5129.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5129","reference_id":"","reference_type":"","scores":[{"value":"0.02331","scoring_system":"epss","scoring_elements":"0.85154","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02331","scoring_system":"epss","scoring_elements":"0.85141","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02331","scoring_system":"epss","scoring_elements":"0.85152","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02331","scoring_system":"epss","scoring_elements":"0.85127","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02331","scoring_system":"epss","scoring_elements":"0.85157","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02331","scoring_system":"epss","scoring_elements":"0.85151","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555129","reference_id":"1555129","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1555129"},{"reference_url":"https://security.archlinux.org/ASA-201803-22","reference_id":"ASA-201803-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-22"},{"reference_url":"https://security.archlinux.org/AVG-663","reference_id":"AVG-663","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-663"},{"reference_url":"https://security.gentoo.org/glsa/201811-13","reference_id":"GLSA-201811-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06","reference_id":"mfsa2018-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07","reference_id":"mfsa2018-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09","reference_id":"mfsa2018-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0526","reference_id":"RHSA-2018:0526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0527","reference_id":"RHSA-2018:0527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0647","reference_id":"RHSA-2018:0647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0648","reference_id":"RHSA-2018:0648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0648"},{"reference_url":"https://usn.ubuntu.com/3545-1/","reference_id":"USN-3545-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3545-1/"},{"reference_url":"https://usn.ubuntu.com/3596-1/","reference_id":"USN-3596-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3596-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94526?format=json","purl":"pkg:deb/debian/firefox@59.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2018-5129"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuwx-k59j-zqap"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@59.0-1%3Fdistro=sid"}