{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","type":"deb","namespace":"debian","name":"firefox","version":"69.0-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"69.0.1-1","latest_non_vulnerable_version":"151.0.3-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1678?format=json","vulnerability_id":"VCID-2wxh-2zyh-1ke4","summary":"If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11737.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11737","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32406","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32415","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32384","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32414","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32454","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11737"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748675","reference_id":"1748675","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748675"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11737"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wxh-2zyh-1ke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1611?format=json","vulnerability_id":"VCID-7skz-3xdx-qfb2","summary":"Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9812.json","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9812","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51701","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51682","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51725","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51666","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51735","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51714","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748660","reference_id":"1748660","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748660"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-9812"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7skz-3xdx-qfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1608?format=json","vulnerability_id":"VCID-a7f4-e11n-nudj","summary":"A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11742.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11742","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67606","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67569","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.6761","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67617","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67607","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67591","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748653","reference_id":"1748653","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748653"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29","reference_id":"mfsa2019-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30","reference_id":"mfsa2019-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2773","reference_id":"RHSA-2019:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2774","reference_id":"RHSA-2019:2774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2807","reference_id":"RHSA-2019:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2807"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"},{"reference_url":"https://usn.ubuntu.com/4150-1/","reference_id":"USN-4150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11742"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7f4-e11n-nudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1653?format=json","vulnerability_id":"VCID-ahyy-dnwx-hkgq","summary":"The \"Forget about this site\" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11747.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11747","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57931","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57913","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57938","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57877","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57926","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5793","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748664","reference_id":"1748664","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748664"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11747"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahyy-dnwx-hkgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1610?format=json","vulnerability_id":"VCID-bcec-844m-17er","summary":"It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11752.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11752","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73237","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73225","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73261","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73267","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73249","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748657","reference_id":"1748657","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748657"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29","reference_id":"mfsa2019-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30","reference_id":"mfsa2019-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2773","reference_id":"RHSA-2019:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2774","reference_id":"RHSA-2019:2774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2807","reference_id":"RHSA-2019:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2807"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"},{"reference_url":"https://usn.ubuntu.com/4150-1/","reference_id":"USN-4150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11752"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bcec-844m-17er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1676?format=json","vulnerability_id":"VCID-c8zu-jpst-7yd4","summary":"A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11741.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11741","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47815","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47804","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47785","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47848","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47852","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11741"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748673","reference_id":"1748673","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748673"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11741"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zu-jpst-7yd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1613?format=json","vulnerability_id":"VCID-gus7-632r-pbe8","summary":"Mozilla developers and community members Tyson Smith and Nathan Froyd reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11740.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11740","reference_id":"","reference_type":"","scores":[{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81608","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.8157","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81599","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81601","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81592","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748652","reference_id":"1748652","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748652"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29","reference_id":"mfsa2019-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30","reference_id":"mfsa2019-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2773","reference_id":"RHSA-2019:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2774","reference_id":"RHSA-2019:2774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2807","reference_id":"RHSA-2019:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2807"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"},{"reference_url":"https://usn.ubuntu.com/4150-1/","reference_id":"USN-4150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11740"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gus7-632r-pbe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1649?format=json","vulnerability_id":"VCID-hmhw-rwg5-nkaf","summary":"WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11748.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11748","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53639","published_at":"2026-06-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53662","published_at":"2026-06-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53608","published_at":"2026-06-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53675","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11748"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748665","reference_id":"1748665","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748665"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11748"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmhw-rwg5-nkaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1650?format=json","vulnerability_id":"VCID-huuy-2tmx-5qfw","summary":"A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11749.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11749","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59152","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59136","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59162","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.5911","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59154","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59158","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11749"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748666","reference_id":"1748666","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748666"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11749"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huuy-2tmx-5qfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1654?format=json","vulnerability_id":"VCID-n2q8-gxpe-z7hs","summary":"Mozilla developers and community members Mikhail Gavrilov, Tyson Smith, Marcia Knous, Tom Ritter, Philipp, and Bob Owens reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11735.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11735","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64363","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64342","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64365","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64311","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64353","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64356","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11735"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748661","reference_id":"1748661","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748661"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11735"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2q8-gxpe-z7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1677?format=json","vulnerability_id":"VCID-pdnj-utqg-bbdy","summary":"An out-of-bounds read vulnerability exists in the Skia graphics library, allowing for the possible leaking of data from memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5849.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5849.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5849","reference_id":"","reference_type":"","scores":[{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65788","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65779","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65768","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65727","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.6578","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65792","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748674","reference_id":"1748674","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748674"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-5849"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdnj-utqg-bbdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1612?format=json","vulnerability_id":"VCID-q8zd-91dy-x7cx","summary":"Navigation events were not fully adhering to the W3C's \"Navigation-Timing Level 2\" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11743.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11743","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76403","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76371","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76399","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76391","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.7638","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748654","reference_id":"1748654","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748654"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29","reference_id":"mfsa2019-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30","reference_id":"mfsa2019-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2773","reference_id":"RHSA-2019:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2774","reference_id":"RHSA-2019:2774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2807","reference_id":"RHSA-2019:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2807"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"},{"reference_url":"https://usn.ubuntu.com/4150-1/","reference_id":"USN-4150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11743"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8zd-91dy-x7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1607?format=json","vulnerability_id":"VCID-rkqd-sddx-dqc6","summary":"Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11744.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11744","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71734","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71703","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71744","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7175","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71726","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71712","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748655","reference_id":"1748655","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748655"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29","reference_id":"mfsa2019-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30","reference_id":"mfsa2019-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2773","reference_id":"RHSA-2019:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2774","reference_id":"RHSA-2019:2774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2807","reference_id":"RHSA-2019:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2807"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"},{"reference_url":"https://usn.ubuntu.com/4150-1/","reference_id":"USN-4150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11744"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkqd-sddx-dqc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1652?format=json","vulnerability_id":"VCID-w5m4-671n-qkfx","summary":"If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11738.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11738","reference_id":"","reference_type":"","scores":[{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.69469","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.6945","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.69471","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.69423","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.69461","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00585","scoring_system":"epss","scoring_elements":"0.69463","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11738"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748663","reference_id":"1748663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748663"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11738"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5m4-671n-qkfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1679?format=json","vulnerability_id":"VCID-xn4h-9ze2-3yft","summary":"Mozilla developers and community members Randell Jesup, Philipp, Cosmin Sabou, and Natalia Csoregi reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11734.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11734","reference_id":"","reference_type":"","scores":[{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63188","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63184","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.6317","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63185","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00434","scoring_system":"epss","scoring_elements":"0.63194","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748676","reference_id":"1748676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748676"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11734"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xn4h-9ze2-3yft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1606?format=json","vulnerability_id":"VCID-y916-adxe-hkab","summary":"A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11746.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11746","reference_id":"","reference_type":"","scores":[{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71526","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71493","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71537","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71543","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71519","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0066","scoring_system":"epss","scoring_elements":"0.71503","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748656","reference_id":"1748656","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748656"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://security.gentoo.org/glsa/201911-07","reference_id":"GLSA-201911-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201911-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27","reference_id":"mfsa2019-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-27"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29","reference_id":"mfsa2019-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30","reference_id":"mfsa2019-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2694","reference_id":"RHSA-2019:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2729","reference_id":"RHSA-2019:2729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2773","reference_id":"RHSA-2019:2773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2774","reference_id":"RHSA-2019:2774","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2807","reference_id":"RHSA-2019:2807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2807"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"},{"reference_url":"https://usn.ubuntu.com/4150-1/","reference_id":"USN-4150-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4150-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11746"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y916-adxe-hkab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1651?format=json","vulnerability_id":"VCID-yr2r-ca9n-w7bw","summary":"A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11750.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11750","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59511","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59494","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59522","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59468","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59513","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59518","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11750"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748667","reference_id":"1748667","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748667"},{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26","reference_id":"mfsa2019-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2663","reference_id":"RHSA-2019:2663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2663"},{"reference_url":"https://usn.ubuntu.com/4122-1/","reference_id":"USN-4122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94539?format=json","purl":"pkg:deb/debian/firefox@69.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/94464?format=json","purl":"pkg:deb/debian/firefox@151.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2019-11750"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr2r-ca9n-w7bw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid"}