Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2026-0818
Vulnerability from osv_ubuntu
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:140.7.1+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:140.7.1+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1",
"1:102.15.0+build1-0ubuntu0.22.04.1",
"1:102.15.1+build1-0ubuntu0.22.04.1",
"1:115.3.1+build1-0ubuntu0.22.04.2",
"1:115.4.1+build1-0ubuntu0.22.04.1",
"1:115.5.0+build1-0ubuntu0.22.04.1",
"1:115.6.0+build2-0ubuntu0.22.04.1",
"1:115.8.1+build1-0ubuntu0.22.04.1",
"1:115.9.0+build1-0ubuntu0.22.04.1",
"1:115.10.1+build1-0ubuntu0.22.04.1",
"1:115.11.0+build2-0ubuntu0.22.04.1",
"1:115.12.0+build3-0ubuntu0.22.04.1",
"1:115.13.0+build5-0ubuntu0.22.04.1",
"1:115.15.0+build1-0ubuntu0.22.04.1",
"1:115.16.0+build2-0ubuntu0.22.04.1",
"1:115.18.0+build1-0ubuntu0.22.04.1",
"1:128.12.0+build1-0ubuntu0.22.04.1"
]
}
],
"aliases": [],
"details": "When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1.",
"id": "UBUNTU-CVE-2026-0818",
"modified": "2026-06-24T08:58:35Z",
"published": "2026-01-29T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0818"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0818"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/#CVE-2026-0818"
},
{
"type": "REPORT",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881530"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-07/"
},
{
"type": "REPORT",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-08/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7991-1"
}
],
"related": [
"USN-7991-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-0818"
]
}
CVE-2026-0818 (GCVE-0-2026-0818)
Vulnerability from cvelistv5 – Published: 2026-01-28 07:39 – Updated: 2026-04-13 13:52| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Unaffected:
140.7.1 , ≤ 140.*
(rpm)
Unaffected: 147.0.1 , ≤ * (rpm) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T16:50:27.156500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:51:16.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-04T09:14:40.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.7.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "147.0.1",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Leon Trampert, Daniel Weber, Christian Rossow, Michael Schwarz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1."
}
],
"value": "When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:52:14.777Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1881530"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-07/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-08/"
}
],
"title": "CSS-based exfiltration of the content from partially encrypted emails when allowing remote content"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-0818",
"datePublished": "2026-01-28T07:39:17.467Z",
"dateReserved": "2026-01-09T16:32:39.712Z",
"dateUpdated": "2026-04-13T13:52:14.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
usn-7991-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2024-9396",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9397",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9398",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9399",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9400",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9402",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-9403",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10460",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10461",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10462",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10464",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10465",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10466",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10467",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-10468",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2024-50336",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-0237",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-0239",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-0240",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-0241",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-0243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-0247",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1018",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1019",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1942",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1943",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-3031",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-3032",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-3034",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-4085",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-4088",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-4089",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-4092",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5270",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5271",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5272",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-5283",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-6427",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-6432",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-6433",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-6434",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-6435",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-6436",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8027",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8028",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8029",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8030",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8031",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8032",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8033",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8034",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8035",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8036",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8037",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8038",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8039",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-8040",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9179",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9180",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9181",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9182",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9184",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-9185",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10527",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10528",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10529",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10532",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10533",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10536",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-10537",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11708",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11709",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11710",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11711",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11712",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11713",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11714",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-11715",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13012",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13013",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13014",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13015",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13017",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13018",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13019",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-13020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14321",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14322",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14323",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14324",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14325",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14327",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14328",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14329",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14330",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-14331",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0818",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0877",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0878",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0879",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0880",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0882",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0883",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0884",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0885",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0886",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0887",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0890",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-0891",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:140.7.1+build1-0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "thunderbird",
"purl": "pkg:deb/ubuntu/thunderbird@1:140.7.1+build1-0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:140.7.1+build1-0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:91.1.2+build1-0ubuntu1",
"1:91.3.0+build2-0ubuntu1",
"1:91.3.1+build1-0ubuntu1",
"1:91.3.2+build1-0ubuntu1",
"1:91.4.0+build1.1-0ubuntu1",
"1:91.4.0+build2-0ubuntu1",
"1:91.5.0+build1-0ubuntu1",
"1:91.5.1+build1-0ubuntu1",
"1:91.6.1+build1-0ubuntu1",
"1:91.7.0+build1-0ubuntu1",
"1:91.7.0+build2-0ubuntu1",
"1:91.8.0+build2-0ubuntu1",
"1:91.9.1+build1-0ubuntu0.22.04.1",
"1:91.11.0+build2-0ubuntu0.22.04.1",
"1:102.2.2+build1-0ubuntu0.22.04.1",
"1:102.4.2+build2-0ubuntu0.22.04.1",
"1:102.7.1+build2-0ubuntu0.22.04.1",
"1:102.8.0+build2-0ubuntu0.22.04.1",
"1:102.9.0+build1-0ubuntu0.22.04.1",
"1:102.10.0+build2-0ubuntu0.22.04.1",
"1:102.11.0+build1-0ubuntu0.22.04.1",
"1:102.13.0+build1-0ubuntu0.22.04.1",
"1:102.15.0+build1-0ubuntu0.22.04.1",
"1:102.15.1+build1-0ubuntu0.22.04.1",
"1:115.3.1+build1-0ubuntu0.22.04.2",
"1:115.4.1+build1-0ubuntu0.22.04.1",
"1:115.5.0+build1-0ubuntu0.22.04.1",
"1:115.6.0+build2-0ubuntu0.22.04.1",
"1:115.8.1+build1-0ubuntu0.22.04.1",
"1:115.9.0+build1-0ubuntu0.22.04.1",
"1:115.10.1+build1-0ubuntu0.22.04.1",
"1:115.11.0+build2-0ubuntu0.22.04.1",
"1:115.12.0+build3-0ubuntu0.22.04.1",
"1:115.13.0+build5-0ubuntu0.22.04.1",
"1:115.15.0+build1-0ubuntu0.22.04.1",
"1:115.16.0+build2-0ubuntu0.22.04.1",
"1:115.18.0+build1-0ubuntu0.22.04.1",
"1:128.12.0+build1-0ubuntu0.22.04.1"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Thunderbird. If a user were\ntricked into opening a specially crafted website in a browsing context,\nan attacker could potentially exploit these to cause a denial of service,\nobtain sensitive information, bypass security restrictions, cross-site\ntracing, or execute arbitrary code.",
"id": "USN-7991-1",
"modified": "2026-06-30T15:54:46Z",
"published": "2026-02-02T12:11:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7991-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9396"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9397"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9398"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9399"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9400"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9402"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-9403"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10460"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10461"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10462"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10464"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10465"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10466"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10467"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-10468"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2024-50336"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-0237"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-0239"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-0240"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-0241"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-0243"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-0247"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1018"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1019"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1020"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1942"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1943"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-3031"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-3032"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-3034"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-4085"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-4088"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-4089"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-4092"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5270"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5271"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5272"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-5283"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-6427"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-6432"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-6433"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-6434"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-6435"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-6436"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8027"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8028"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8029"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8030"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8031"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8032"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8033"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8034"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8035"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8036"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8037"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8038"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8039"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-8040"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9179"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9180"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9181"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9182"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9184"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-9185"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10527"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10528"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10529"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10532"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10533"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10536"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-10537"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11708"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11709"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11710"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11711"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11712"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11713"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11714"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-11715"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13012"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13013"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13014"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13015"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13016"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13017"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13018"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13019"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-13020"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14321"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14322"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14323"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14324"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14325"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14327"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14328"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14329"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14330"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-14331"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0818"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0877"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0878"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0879"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0880"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0882"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0883"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0884"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0885"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0886"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0887"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0890"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-0891"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "thunderbird vulnerabilities",
"upstream": [
"UBUNTU-CVE-2024-9396",
"UBUNTU-CVE-2024-9397",
"UBUNTU-CVE-2024-9398",
"UBUNTU-CVE-2024-9399",
"UBUNTU-CVE-2024-9400",
"UBUNTU-CVE-2024-9402",
"UBUNTU-CVE-2024-9403",
"UBUNTU-CVE-2024-10460",
"UBUNTU-CVE-2024-10461",
"UBUNTU-CVE-2024-10462",
"UBUNTU-CVE-2024-10464",
"UBUNTU-CVE-2024-10465",
"UBUNTU-CVE-2024-10466",
"UBUNTU-CVE-2024-10467",
"UBUNTU-CVE-2024-10468",
"UBUNTU-CVE-2024-50336",
"UBUNTU-CVE-2025-0237",
"UBUNTU-CVE-2025-0239",
"UBUNTU-CVE-2025-0240",
"UBUNTU-CVE-2025-0241",
"UBUNTU-CVE-2025-0243",
"UBUNTU-CVE-2025-0247",
"UBUNTU-CVE-2025-1018",
"UBUNTU-CVE-2025-1019",
"UBUNTU-CVE-2025-1020",
"UBUNTU-CVE-2025-1942",
"UBUNTU-CVE-2025-1943",
"UBUNTU-CVE-2025-3031",
"UBUNTU-CVE-2025-3032",
"UBUNTU-CVE-2025-3034",
"UBUNTU-CVE-2025-4085",
"UBUNTU-CVE-2025-4088",
"UBUNTU-CVE-2025-4089",
"UBUNTU-CVE-2025-4092",
"UBUNTU-CVE-2025-5270",
"UBUNTU-CVE-2025-5271",
"UBUNTU-CVE-2025-5272",
"UBUNTU-CVE-2025-5283",
"UBUNTU-CVE-2025-6427",
"UBUNTU-CVE-2025-6432",
"UBUNTU-CVE-2025-6433",
"UBUNTU-CVE-2025-6434",
"UBUNTU-CVE-2025-6435",
"UBUNTU-CVE-2025-6436",
"UBUNTU-CVE-2025-8027",
"UBUNTU-CVE-2025-8028",
"UBUNTU-CVE-2025-8029",
"UBUNTU-CVE-2025-8030",
"UBUNTU-CVE-2025-8031",
"UBUNTU-CVE-2025-8032",
"UBUNTU-CVE-2025-8033",
"UBUNTU-CVE-2025-8034",
"UBUNTU-CVE-2025-8035",
"UBUNTU-CVE-2025-8036",
"UBUNTU-CVE-2025-8037",
"UBUNTU-CVE-2025-8038",
"UBUNTU-CVE-2025-8039",
"UBUNTU-CVE-2025-8040",
"UBUNTU-CVE-2025-9179",
"UBUNTU-CVE-2025-9180",
"UBUNTU-CVE-2025-9181",
"UBUNTU-CVE-2025-9182",
"UBUNTU-CVE-2025-9184",
"UBUNTU-CVE-2025-9185",
"UBUNTU-CVE-2025-10527",
"UBUNTU-CVE-2025-10528",
"UBUNTU-CVE-2025-10529",
"UBUNTU-CVE-2025-10532",
"UBUNTU-CVE-2025-10533",
"UBUNTU-CVE-2025-10536",
"UBUNTU-CVE-2025-10537",
"UBUNTU-CVE-2025-11708",
"UBUNTU-CVE-2025-11709",
"UBUNTU-CVE-2025-11710",
"UBUNTU-CVE-2025-11711",
"UBUNTU-CVE-2025-11712",
"UBUNTU-CVE-2025-11713",
"UBUNTU-CVE-2025-11714",
"UBUNTU-CVE-2025-11715",
"UBUNTU-CVE-2025-13012",
"UBUNTU-CVE-2025-13013",
"UBUNTU-CVE-2025-13014",
"UBUNTU-CVE-2025-13015",
"UBUNTU-CVE-2025-13016",
"UBUNTU-CVE-2025-13017",
"UBUNTU-CVE-2025-13018",
"UBUNTU-CVE-2025-13019",
"UBUNTU-CVE-2025-13020",
"UBUNTU-CVE-2025-14321",
"UBUNTU-CVE-2025-14322",
"UBUNTU-CVE-2025-14323",
"UBUNTU-CVE-2025-14324",
"UBUNTU-CVE-2025-14325",
"UBUNTU-CVE-2025-14327",
"UBUNTU-CVE-2025-14328",
"UBUNTU-CVE-2025-14329",
"UBUNTU-CVE-2025-14330",
"UBUNTU-CVE-2025-14331",
"UBUNTU-CVE-2026-0818",
"UBUNTU-CVE-2026-0877",
"UBUNTU-CVE-2026-0878",
"UBUNTU-CVE-2026-0879",
"UBUNTU-CVE-2026-0880",
"UBUNTU-CVE-2026-0882",
"UBUNTU-CVE-2026-0883",
"UBUNTU-CVE-2026-0884",
"UBUNTU-CVE-2026-0885",
"UBUNTU-CVE-2026-0886",
"UBUNTU-CVE-2026-0887",
"UBUNTU-CVE-2026-0890",
"UBUNTU-CVE-2026-0891"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.