Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
Typedeb
Namespacedebian
Namefirefox-esr
Version102.2.0esr-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version102.3.0esr-1~deb11u1
Latest_non_vulnerable_version140.11.0esr-1~deb13u1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-37gr-ngpz-jkfu
vulnerability_id VCID-37gr-ngpz-jkfu
summary Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38477.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38477.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38477
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41922
published_at 2026-06-05T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.41931
published_at 2026-06-06T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.41867
published_at 2026-06-08T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.41846
published_at 2026-06-04T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.41903
published_at 2026-06-07T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.41876
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38477
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2120695
reference_id 2120695
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2120695
4
reference_url https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363
reference_id buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/
url https://bugzilla.mozilla.org/buglist.cgi?bug_id=1760611%2C1770219%2C1771159%2C1773363
5
reference_url https://security.gentoo.org/glsa/202208-37
reference_id GLSA-202208-37
reference_type
scores
url https://security.gentoo.org/glsa/202208-37
6
reference_url https://security.gentoo.org/glsa/202208-38
reference_id GLSA-202208-38
reference_type
scores
url https://security.gentoo.org/glsa/202208-38
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
reference_id mfsa2022-33
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
8
reference_url https://www.mozilla.org/security/advisories/mfsa2022-33/
reference_id mfsa2022-33
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/
url https://www.mozilla.org/security/advisories/mfsa2022-33/
9
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
reference_id mfsa2022-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
10
reference_url https://www.mozilla.org/security/advisories/mfsa2022-34/
reference_id mfsa2022-34
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/
url https://www.mozilla.org/security/advisories/mfsa2022-34/
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
reference_id mfsa2022-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
12
reference_url https://www.mozilla.org/security/advisories/mfsa2022-36/
reference_id mfsa2022-36
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:21:30Z/
url https://www.mozilla.org/security/advisories/mfsa2022-36/
13
reference_url https://access.redhat.com/errata/RHSA-2022:6164
reference_id RHSA-2022:6164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6164
14
reference_url https://access.redhat.com/errata/RHSA-2022:6165
reference_id RHSA-2022:6165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6165
15
reference_url https://access.redhat.com/errata/RHSA-2022:6166
reference_id RHSA-2022:6166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6166
16
reference_url https://access.redhat.com/errata/RHSA-2022:6167
reference_id RHSA-2022:6167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6167
17
reference_url https://access.redhat.com/errata/RHSA-2022:6168
reference_id RHSA-2022:6168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6168
18
reference_url https://access.redhat.com/errata/RHSA-2022:6169
reference_id RHSA-2022:6169
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6169
19
reference_url https://access.redhat.com/errata/RHSA-2022:6174
reference_id RHSA-2022:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6174
20
reference_url https://access.redhat.com/errata/RHSA-2022:6175
reference_id RHSA-2022:6175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6175
21
reference_url https://access.redhat.com/errata/RHSA-2022:6176
reference_id RHSA-2022:6176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6176
22
reference_url https://access.redhat.com/errata/RHSA-2022:6177
reference_id RHSA-2022:6177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6177
23
reference_url https://access.redhat.com/errata/RHSA-2022:6178
reference_id RHSA-2022:6178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6178
24
reference_url https://access.redhat.com/errata/RHSA-2022:6179
reference_id RHSA-2022:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6179
25
reference_url https://usn.ubuntu.com/5581-1/
reference_id USN-5581-1
reference_type
scores
url https://usn.ubuntu.com/5581-1/
26
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:deb/debian/firefox-esr@0?distro=trixie
purl pkg:deb/debian/firefox-esr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@0%3Fdistro=trixie
1
url pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.2.0esr-1%3Fdistro=trixie
2
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
3
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie
aliases CVE-2022-38477
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37gr-ngpz-jkfu
1
url VCID-3ezr-d5gb-abf1
vulnerability_id VCID-3ezr-d5gb-abf1
summary A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38473.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38473
reference_id
reference_type
scores
0
value 0.00251
scoring_system epss
scoring_elements 0.48717
published_at 2026-06-05T12:55:00Z
1
value 0.00251
scoring_system epss
scoring_elements 0.48726
published_at 2026-06-06T12:55:00Z
2
value 0.00251
scoring_system epss
scoring_elements 0.48707
published_at 2026-06-07T12:55:00Z
3
value 0.00251
scoring_system epss
scoring_elements 0.48678
published_at 2026-06-08T12:55:00Z
4
value 0.00251
scoring_system epss
scoring_elements 0.48693
published_at 2026-06-09T12:55:00Z
5
value 0.00251
scoring_system epss
scoring_elements 0.48656
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38473
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2120674
reference_id 2120674
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2120674
7
reference_url https://security.gentoo.org/glsa/202208-37
reference_id GLSA-202208-37
reference_type
scores
url https://security.gentoo.org/glsa/202208-37
8
reference_url https://security.gentoo.org/glsa/202208-38
reference_id GLSA-202208-38
reference_type
scores
url https://security.gentoo.org/glsa/202208-38
9
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
reference_id mfsa2022-33
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
10
reference_url https://www.mozilla.org/security/advisories/mfsa2022-33/
reference_id mfsa2022-33
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:13:59Z/
url https://www.mozilla.org/security/advisories/mfsa2022-33/
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
reference_id mfsa2022-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
12
reference_url https://www.mozilla.org/security/advisories/mfsa2022-34/
reference_id mfsa2022-34
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:13:59Z/
url https://www.mozilla.org/security/advisories/mfsa2022-34/
13
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-35
reference_id mfsa2022-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-35
14
reference_url https://www.mozilla.org/security/advisories/mfsa2022-35/
reference_id mfsa2022-35
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:13:59Z/
url https://www.mozilla.org/security/advisories/mfsa2022-35/
15
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
reference_id mfsa2022-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
16
reference_url https://www.mozilla.org/security/advisories/mfsa2022-36/
reference_id mfsa2022-36
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:13:59Z/
url https://www.mozilla.org/security/advisories/mfsa2022-36/
17
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-37
reference_id mfsa2022-37
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-37
18
reference_url https://www.mozilla.org/security/advisories/mfsa2022-37/
reference_id mfsa2022-37
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:13:59Z/
url https://www.mozilla.org/security/advisories/mfsa2022-37/
19
reference_url https://access.redhat.com/errata/RHSA-2022:6164
reference_id RHSA-2022:6164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6164
20
reference_url https://access.redhat.com/errata/RHSA-2022:6165
reference_id RHSA-2022:6165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6165
21
reference_url https://access.redhat.com/errata/RHSA-2022:6166
reference_id RHSA-2022:6166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6166
22
reference_url https://access.redhat.com/errata/RHSA-2022:6167
reference_id RHSA-2022:6167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6167
23
reference_url https://access.redhat.com/errata/RHSA-2022:6168
reference_id RHSA-2022:6168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6168
24
reference_url https://access.redhat.com/errata/RHSA-2022:6169
reference_id RHSA-2022:6169
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6169
25
reference_url https://access.redhat.com/errata/RHSA-2022:6174
reference_id RHSA-2022:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6174
26
reference_url https://access.redhat.com/errata/RHSA-2022:6175
reference_id RHSA-2022:6175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6175
27
reference_url https://access.redhat.com/errata/RHSA-2022:6176
reference_id RHSA-2022:6176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6176
28
reference_url https://access.redhat.com/errata/RHSA-2022:6177
reference_id RHSA-2022:6177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6177
29
reference_url https://access.redhat.com/errata/RHSA-2022:6178
reference_id RHSA-2022:6178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6178
30
reference_url https://access.redhat.com/errata/RHSA-2022:6179
reference_id RHSA-2022:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6179
31
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1771685
reference_id show_bug.cgi?id=1771685
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:13:59Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1771685
32
reference_url https://usn.ubuntu.com/5581-1/
reference_id USN-5581-1
reference_type
scores
url https://usn.ubuntu.com/5581-1/
33
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.2.0esr-1%3Fdistro=trixie
2
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
3
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie
aliases CVE-2022-38473
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ezr-d5gb-abf1
2
url VCID-p7n7-paja-mqfy
vulnerability_id VCID-p7n7-paja-mqfy
summary An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38472.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38472.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38472
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.38022
published_at 2026-06-05T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.38025
published_at 2026-06-06T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.37993
published_at 2026-06-07T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.37959
published_at 2026-06-08T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.3797
published_at 2026-06-09T12:55:00Z
5
value 0.0017
scoring_system epss
scoring_elements 0.37931
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38472
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2120673
reference_id 2120673
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2120673
7
reference_url https://security.gentoo.org/glsa/202208-37
reference_id GLSA-202208-37
reference_type
scores
url https://security.gentoo.org/glsa/202208-37
8
reference_url https://security.gentoo.org/glsa/202208-38
reference_id GLSA-202208-38
reference_type
scores
url https://security.gentoo.org/glsa/202208-38
9
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
reference_id mfsa2022-33
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
10
reference_url https://www.mozilla.org/security/advisories/mfsa2022-33/
reference_id mfsa2022-33
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:50:08Z/
url https://www.mozilla.org/security/advisories/mfsa2022-33/
11
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
reference_id mfsa2022-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
12
reference_url https://www.mozilla.org/security/advisories/mfsa2022-34/
reference_id mfsa2022-34
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:50:08Z/
url https://www.mozilla.org/security/advisories/mfsa2022-34/
13
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-35
reference_id mfsa2022-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-35
14
reference_url https://www.mozilla.org/security/advisories/mfsa2022-35/
reference_id mfsa2022-35
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:50:08Z/
url https://www.mozilla.org/security/advisories/mfsa2022-35/
15
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
reference_id mfsa2022-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
16
reference_url https://www.mozilla.org/security/advisories/mfsa2022-36/
reference_id mfsa2022-36
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:50:08Z/
url https://www.mozilla.org/security/advisories/mfsa2022-36/
17
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-37
reference_id mfsa2022-37
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-37
18
reference_url https://www.mozilla.org/security/advisories/mfsa2022-37/
reference_id mfsa2022-37
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:50:08Z/
url https://www.mozilla.org/security/advisories/mfsa2022-37/
19
reference_url https://access.redhat.com/errata/RHSA-2022:6164
reference_id RHSA-2022:6164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6164
20
reference_url https://access.redhat.com/errata/RHSA-2022:6165
reference_id RHSA-2022:6165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6165
21
reference_url https://access.redhat.com/errata/RHSA-2022:6166
reference_id RHSA-2022:6166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6166
22
reference_url https://access.redhat.com/errata/RHSA-2022:6167
reference_id RHSA-2022:6167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6167
23
reference_url https://access.redhat.com/errata/RHSA-2022:6168
reference_id RHSA-2022:6168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6168
24
reference_url https://access.redhat.com/errata/RHSA-2022:6169
reference_id RHSA-2022:6169
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6169
25
reference_url https://access.redhat.com/errata/RHSA-2022:6174
reference_id RHSA-2022:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6174
26
reference_url https://access.redhat.com/errata/RHSA-2022:6175
reference_id RHSA-2022:6175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6175
27
reference_url https://access.redhat.com/errata/RHSA-2022:6176
reference_id RHSA-2022:6176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6176
28
reference_url https://access.redhat.com/errata/RHSA-2022:6177
reference_id RHSA-2022:6177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6177
29
reference_url https://access.redhat.com/errata/RHSA-2022:6178
reference_id RHSA-2022:6178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6178
30
reference_url https://access.redhat.com/errata/RHSA-2022:6179
reference_id RHSA-2022:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6179
31
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1769155
reference_id show_bug.cgi?id=1769155
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T16:50:08Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1769155
32
reference_url https://usn.ubuntu.com/5581-1/
reference_id USN-5581-1
reference_type
scores
url https://usn.ubuntu.com/5581-1/
33
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.2.0esr-1%3Fdistro=trixie
2
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
3
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie
aliases CVE-2022-38472
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7n7-paja-mqfy
3
url VCID-psg9-7fta-bqg2
vulnerability_id VCID-psg9-7fta-bqg2
summary Members the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.1 and Thunderbird 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38478.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38478.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38478
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50872
published_at 2026-06-05T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50877
published_at 2026-06-06T12:55:00Z
2
value 0.00272
scoring_system epss
scoring_elements 0.50856
published_at 2026-06-07T12:55:00Z
3
value 0.00272
scoring_system epss
scoring_elements 0.50826
published_at 2026-06-08T12:55:00Z
4
value 0.00272
scoring_system epss
scoring_elements 0.50843
published_at 2026-06-09T12:55:00Z
5
value 0.00272
scoring_system epss
scoring_elements 0.50812
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38478
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38472
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2120696
reference_id 2120696
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2120696
7
reference_url https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658
reference_id buglist.cgi?bug_id=1770630%2C1776658
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:19:42Z/
url https://bugzilla.mozilla.org/buglist.cgi?bug_id=1770630%2C1776658
8
reference_url https://security.gentoo.org/glsa/202208-37
reference_id GLSA-202208-37
reference_type
scores
url https://security.gentoo.org/glsa/202208-37
9
reference_url https://security.gentoo.org/glsa/202208-38
reference_id GLSA-202208-38
reference_type
scores
url https://security.gentoo.org/glsa/202208-38
10
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
reference_id mfsa2022-33
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-33
11
reference_url https://www.mozilla.org/security/advisories/mfsa2022-33/
reference_id mfsa2022-33
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:19:42Z/
url https://www.mozilla.org/security/advisories/mfsa2022-33/
12
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
reference_id mfsa2022-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
13
reference_url https://www.mozilla.org/security/advisories/mfsa2022-34/
reference_id mfsa2022-34
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:19:42Z/
url https://www.mozilla.org/security/advisories/mfsa2022-34/
14
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-35
reference_id mfsa2022-35
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-35
15
reference_url https://www.mozilla.org/security/advisories/mfsa2022-35/
reference_id mfsa2022-35
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:19:42Z/
url https://www.mozilla.org/security/advisories/mfsa2022-35/
16
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
reference_id mfsa2022-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
17
reference_url https://www.mozilla.org/security/advisories/mfsa2022-36/
reference_id mfsa2022-36
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:19:42Z/
url https://www.mozilla.org/security/advisories/mfsa2022-36/
18
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-37
reference_id mfsa2022-37
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-37
19
reference_url https://www.mozilla.org/security/advisories/mfsa2022-37/
reference_id mfsa2022-37
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:19:42Z/
url https://www.mozilla.org/security/advisories/mfsa2022-37/
20
reference_url https://access.redhat.com/errata/RHSA-2022:6164
reference_id RHSA-2022:6164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6164
21
reference_url https://access.redhat.com/errata/RHSA-2022:6165
reference_id RHSA-2022:6165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6165
22
reference_url https://access.redhat.com/errata/RHSA-2022:6166
reference_id RHSA-2022:6166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6166
23
reference_url https://access.redhat.com/errata/RHSA-2022:6167
reference_id RHSA-2022:6167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6167
24
reference_url https://access.redhat.com/errata/RHSA-2022:6168
reference_id RHSA-2022:6168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6168
25
reference_url https://access.redhat.com/errata/RHSA-2022:6169
reference_id RHSA-2022:6169
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6169
26
reference_url https://access.redhat.com/errata/RHSA-2022:6174
reference_id RHSA-2022:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6174
27
reference_url https://access.redhat.com/errata/RHSA-2022:6175
reference_id RHSA-2022:6175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6175
28
reference_url https://access.redhat.com/errata/RHSA-2022:6176
reference_id RHSA-2022:6176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6176
29
reference_url https://access.redhat.com/errata/RHSA-2022:6177
reference_id RHSA-2022:6177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6177
30
reference_url https://access.redhat.com/errata/RHSA-2022:6178
reference_id RHSA-2022:6178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6178
31
reference_url https://access.redhat.com/errata/RHSA-2022:6179
reference_id RHSA-2022:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6179
32
reference_url https://usn.ubuntu.com/5581-1/
reference_id USN-5581-1
reference_type
scores
url https://usn.ubuntu.com/5581-1/
33
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@91.13.0esr-1~deb11u1%3Fdistro=trixie
1
url pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.2.0esr-1%3Fdistro=trixie
2
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
3
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie
aliases CVE-2022-38478
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psg9-7fta-bqg2
4
url VCID-vqe1-f61x-e7hd
vulnerability_id VCID-vqe1-f61x-e7hd
summary A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Thunderbird, this lock protected the data when a user changed their master password.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38476.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38476.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-38476
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40332
published_at 2026-06-05T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40278
published_at 2026-06-08T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40307
published_at 2026-06-07T12:55:00Z
3
value 0.00187
scoring_system epss
scoring_elements 0.40335
published_at 2026-06-06T12:55:00Z
4
value 0.00187
scoring_system epss
scoring_elements 0.4025
published_at 2026-06-04T12:55:00Z
5
value 0.00187
scoring_system epss
scoring_elements 0.40292
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-38476
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2120678
reference_id 2120678
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2120678
3
reference_url https://security.gentoo.org/glsa/202208-37
reference_id GLSA-202208-37
reference_type
scores
url https://security.gentoo.org/glsa/202208-37
4
reference_url https://security.gentoo.org/glsa/202208-38
reference_id GLSA-202208-38
reference_type
scores
url https://security.gentoo.org/glsa/202208-38
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
reference_id mfsa2022-34
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-34
6
reference_url https://www.mozilla.org/security/advisories/mfsa2022-34/
reference_id mfsa2022-34
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:23:43Z/
url https://www.mozilla.org/security/advisories/mfsa2022-34/
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
reference_id mfsa2022-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2022-36
8
reference_url https://www.mozilla.org/security/advisories/mfsa2022-36/
reference_id mfsa2022-36
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:23:43Z/
url https://www.mozilla.org/security/advisories/mfsa2022-36/
9
reference_url https://access.redhat.com/errata/RHSA-2022:6164
reference_id RHSA-2022:6164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6164
10
reference_url https://access.redhat.com/errata/RHSA-2022:6165
reference_id RHSA-2022:6165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6165
11
reference_url https://access.redhat.com/errata/RHSA-2022:6166
reference_id RHSA-2022:6166
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6166
12
reference_url https://access.redhat.com/errata/RHSA-2022:6167
reference_id RHSA-2022:6167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6167
13
reference_url https://access.redhat.com/errata/RHSA-2022:6168
reference_id RHSA-2022:6168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6168
14
reference_url https://access.redhat.com/errata/RHSA-2022:6169
reference_id RHSA-2022:6169
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6169
15
reference_url https://access.redhat.com/errata/RHSA-2022:6174
reference_id RHSA-2022:6174
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6174
16
reference_url https://access.redhat.com/errata/RHSA-2022:6175
reference_id RHSA-2022:6175
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6175
17
reference_url https://access.redhat.com/errata/RHSA-2022:6176
reference_id RHSA-2022:6176
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6176
18
reference_url https://access.redhat.com/errata/RHSA-2022:6177
reference_id RHSA-2022:6177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6177
19
reference_url https://access.redhat.com/errata/RHSA-2022:6178
reference_id RHSA-2022:6178
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6178
20
reference_url https://access.redhat.com/errata/RHSA-2022:6179
reference_id RHSA-2022:6179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6179
21
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1760998
reference_id show_bug.cgi?id=1760998
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T17:23:43Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1760998
22
reference_url https://usn.ubuntu.com/5663-1/
reference_id USN-5663-1
reference_type
scores
url https://usn.ubuntu.com/5663-1/
fixed_packages
0
url pkg:deb/debian/firefox-esr@0?distro=trixie
purl pkg:deb/debian/firefox-esr@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@0%3Fdistro=trixie
1
url pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@102.2.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.2.0esr-1%3Fdistro=trixie
2
url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie
3
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ghpk-c1e6-pkae
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie
aliases CVE-2022-38476
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqe1-f61x-e7hd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@102.2.0esr-1%3Fdistro=trixie