[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-3889":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":439,"aliases":440,"duplicate_of":9,"upstream":441,"downstream":442,"duplicates":481,"related":482,"reserved_at":9,"published_at":486,"modified_at":487,"state":488,"summary":489,"references_raw":498,"kevs":514,"epss":515,"epss_history":518,"metrics":734,"affected":742},"CVE-2026-3889","Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-451","User Interface (UI) Misrepresentation of Critical Information","The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.","weakness","Draft","Class",[19,23,348,352,356],{"id":20,"name":21,"techniques":22},"CAPEC-154","Resource Location Spoofing",[],{"id":24,"name":25,"techniques":26},"CAPEC-163","Spear Phishing",[27,122,214,294,330,338,343],{"id":28,"name":29,"tactics":30,"countermeasures":34},"T1534","Internal Spearphishing",[31],{"id":32,"name":33},"TA0109","Lateral Movement",[35,40,45,49,53,57,61,65,69,74,78,83,88,93,97,102,106,110,114,118],{"id":36,"name":37,"tactic":38},"D3-DI","Data Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-FA","File Analysis",{"name":44},"Detect",{"id":46,"name":47,"tactic":48},"D3-FIM","File Integrity Monitoring",{"name":44},{"id":50,"name":51,"tactic":52},"D3-DA","Dynamic Analysis",{"name":44},{"id":54,"name":55,"tactic":56},"D3-EFA","Emulated File Analysis",{"name":44},{"id":58,"name":59,"tactic":60},"D3-SRA","Sender Reputation Analysis",{"name":44},{"id":62,"name":63,"tactic":64},"D3-SMRA","Sender MTA Reputation Analysis",{"name":44},{"id":66,"name":67,"tactic":68},"D3-HD","Homoglyph Detection",{"name":44},{"id":70,"name":71,"tactic":72},"D3-FEV","File Eviction",{"name":73},"Evict",{"id":75,"name":76,"tactic":77},"D3-ER","Email Removal",{"name":73},{"id":79,"name":80,"tactic":81},"D3-DF","Decoy File",{"name":82},"Deceive",{"id":84,"name":85,"tactic":86},"D3-FE","File Encryption",{"name":87},"Harden",{"id":89,"name":90,"tactic":91},"D3-RF","Restore File",{"name":92},"Restore",{"id":94,"name":95,"tactic":96},"D3-RE","Restore Email",{"name":92},{"id":98,"name":99,"tactic":100},"D3-CF","Content Filtering",{"name":101},"Isolate",{"id":103,"name":104,"tactic":105},"D3-LFP","Local File Permissions",{"name":101},{"id":107,"name":108,"tactic":109},"D3-RFAM","Remote File Access Mediation",{"name":101},{"id":111,"name":112,"tactic":113},"D3-CQ","Content Quarantine",{"name":101},{"id":115,"name":116,"tactic":117},"D3-CM","Content Modification",{"name":101},{"id":119,"name":120,"tactic":121},"D3-EF","Email Filtering",{"name":101},{"id":123,"name":124,"tactics":125,"countermeasures":129},"T1566.001","Spearphishing Attachment",[126],{"id":127,"name":128},"TA0108","Initial Access",[130,132,136,140,144,148,152,156,160,164,168,170,172,174,176,178,180,182,184,186,188,190,192,194,198,202,204,206,208,210,212],{"id":36,"name":37,"tactic":131},{"name":39},{"id":133,"name":134,"tactic":135},"D3-ISVA","Inbound Session Volume Analysis",{"name":44},{"id":137,"name":138,"tactic":139},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":44},{"id":141,"name":142,"tactic":143},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":44},{"id":145,"name":146,"tactic":147},"D3-CSPP","Client-server Payload Profiling",{"name":44},{"id":149,"name":150,"tactic":151},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":44},{"id":153,"name":154,"tactic":155},"D3-NTSA","Network Traffic Signature Analysis",{"name":44},{"id":157,"name":158,"tactic":159},"D3-APCA","Application Protocol Command Analysis",{"name":44},{"id":161,"name":162,"tactic":163},"D3-NTCD","Network Traffic Community Deviation",{"name":44},{"id":165,"name":166,"tactic":167},"D3-RTSD","Remote Terminal Session Detection",{"name":44},{"id":41,"name":42,"tactic":169},{"name":44},{"id":46,"name":47,"tactic":171},{"name":44},{"id":50,"name":51,"tactic":173},{"name":44},{"id":54,"name":55,"tactic":175},{"name":44},{"id":58,"name":59,"tactic":177},{"name":44},{"id":62,"name":63,"tactic":179},{"name":44},{"id":66,"name":67,"tactic":181},{"name":44},{"id":70,"name":71,"tactic":183},{"name":73},{"id":75,"name":76,"tactic":185},{"name":73},{"id":79,"name":80,"tactic":187},{"name":82},{"id":84,"name":85,"tactic":189},{"name":87},{"id":89,"name":90,"tactic":191},{"name":92},{"id":94,"name":95,"tactic":193},{"name":92},{"id":195,"name":196,"tactic":197},"D3-NTF","Network Traffic Filtering",{"name":101},{"id":199,"name":200,"tactic":201},"D3-ITF","Inbound Traffic Filtering",{"name":101},{"id":98,"name":99,"tactic":203},{"name":101},{"id":103,"name":104,"tactic":205},{"name":101},{"id":107,"name":108,"tactic":207},{"name":101},{"id":111,"name":112,"tactic":209},{"name":101},{"id":115,"name":116,"tactic":211},{"name":101},{"id":119,"name":120,"tactic":213},{"name":101},{"id":215,"name":216,"tactics":217,"countermeasures":219},"T1566.002","Spearphishing Link",[218],{"id":127,"name":128},[220,222,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,262,266,268,270,272,274,276,278,280,282,284,286,288,290,292],{"id":36,"name":37,"tactic":221},{"name":39},{"id":223,"name":224,"tactic":225},"D3-IAA","Identifier Activity Analysis",{"name":44},{"id":133,"name":134,"tactic":227},{"name":44},{"id":137,"name":138,"tactic":229},{"name":44},{"id":141,"name":142,"tactic":231},{"name":44},{"id":145,"name":146,"tactic":233},{"name":44},{"id":149,"name":150,"tactic":235},{"name":44},{"id":153,"name":154,"tactic":237},{"name":44},{"id":157,"name":158,"tactic":239},{"name":44},{"id":161,"name":162,"tactic":241},{"name":44},{"id":165,"name":166,"tactic":243},{"name":44},{"id":41,"name":42,"tactic":245},{"name":44},{"id":46,"name":47,"tactic":247},{"name":44},{"id":50,"name":51,"tactic":249},{"name":44},{"id":54,"name":55,"tactic":251},{"name":44},{"id":58,"name":59,"tactic":253},{"name":44},{"id":62,"name":63,"tactic":255},{"name":44},{"id":66,"name":67,"tactic":257},{"name":44},{"id":259,"name":260,"tactic":261},"D3-URA","URL Reputation Analysis",{"name":44},{"id":263,"name":264,"tactic":265},"D3-UA","URL Analysis",{"name":44},{"id":70,"name":71,"tactic":267},{"name":73},{"id":75,"name":76,"tactic":269},{"name":73},{"id":79,"name":80,"tactic":271},{"name":82},{"id":84,"name":85,"tactic":273},{"name":87},{"id":89,"name":90,"tactic":275},{"name":92},{"id":94,"name":95,"tactic":277},{"name":92},{"id":195,"name":196,"tactic":279},{"name":101},{"id":199,"name":200,"tactic":281},{"name":101},{"id":98,"name":99,"tactic":283},{"name":101},{"id":103,"name":104,"tactic":285},{"name":101},{"id":107,"name":108,"tactic":287},{"name":101},{"id":111,"name":112,"tactic":289},{"name":101},{"id":115,"name":116,"tactic":291},{"name":101},{"id":119,"name":120,"tactic":293},{"name":101},{"id":295,"name":296,"tactics":297,"countermeasures":299},"T1566.003","Spearphishing via Service",[298],{"id":127,"name":128},[300,302,304,306,308,310,312,314,316,318,320,322,324,326,328],{"id":223,"name":224,"tactic":301},{"name":44},{"id":66,"name":67,"tactic":303},{"name":44},{"id":259,"name":260,"tactic":305},{"name":44},{"id":263,"name":264,"tactic":307},{"name":44},{"id":41,"name":42,"tactic":309},{"name":44},{"id":46,"name":47,"tactic":311},{"name":44},{"id":70,"name":71,"tactic":313},{"name":73},{"id":79,"name":80,"tactic":315},{"name":82},{"id":84,"name":85,"tactic":317},{"name":87},{"id":89,"name":90,"tactic":319},{"name":92},{"id":98,"name":99,"tactic":321},{"name":101},{"id":103,"name":104,"tactic":323},{"name":101},{"id":107,"name":108,"tactic":325},{"name":101},{"id":111,"name":112,"tactic":327},{"name":101},{"id":115,"name":116,"tactic":329},{"name":101},{"id":331,"name":332,"tactics":333,"countermeasures":337},"T1598.001","Spearphishing Service",[334],{"id":335,"name":336},"TA0043","Reconnaissance",[],{"id":339,"name":124,"tactics":340,"countermeasures":342},"T1598.002",[341],{"id":335,"name":336},[],{"id":344,"name":216,"tactics":345,"countermeasures":347},"T1598.003",[346],{"id":335,"name":336},[],{"id":349,"name":350,"techniques":351},"CAPEC-164","Mobile Phishing",[],{"id":353,"name":354,"techniques":355},"CAPEC-173","Action Spoofing",[],{"id":357,"name":358,"techniques":359},"CAPEC-98","Phishing",[360,433],{"id":361,"name":358,"tactics":362,"countermeasures":364},"T1566",[363],{"id":127,"name":128},[365,367,369,371,373,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431],{"id":36,"name":37,"tactic":366},{"name":39},{"id":223,"name":224,"tactic":368},{"name":44},{"id":133,"name":134,"tactic":370},{"name":44},{"id":137,"name":138,"tactic":372},{"name":44},{"id":141,"name":142,"tactic":374},{"name":44},{"id":145,"name":146,"tactic":376},{"name":44},{"id":149,"name":150,"tactic":378},{"name":44},{"id":153,"name":154,"tactic":380},{"name":44},{"id":157,"name":158,"tactic":382},{"name":44},{"id":161,"name":162,"tactic":384},{"name":44},{"id":165,"name":166,"tactic":386},{"name":44},{"id":41,"name":42,"tactic":388},{"name":44},{"id":46,"name":47,"tactic":390},{"name":44},{"id":50,"name":51,"tactic":392},{"name":44},{"id":54,"name":55,"tactic":394},{"name":44},{"id":58,"name":59,"tactic":396},{"name":44},{"id":62,"name":63,"tactic":398},{"name":44},{"id":66,"name":67,"tactic":400},{"name":44},{"id":259,"name":260,"tactic":402},{"name":44},{"id":263,"name":264,"tactic":404},{"name":44},{"id":70,"name":71,"tactic":406},{"name":73},{"id":75,"name":76,"tactic":408},{"name":73},{"id":79,"name":80,"tactic":410},{"name":82},{"id":84,"name":85,"tactic":412},{"name":87},{"id":89,"name":90,"tactic":414},{"name":92},{"id":94,"name":95,"tactic":416},{"name":92},{"id":195,"name":196,"tactic":418},{"name":101},{"id":199,"name":200,"tactic":420},{"name":101},{"id":98,"name":99,"tactic":422},{"name":101},{"id":103,"name":104,"tactic":424},{"name":101},{"id":107,"name":108,"tactic":426},{"name":101},{"id":111,"name":112,"tactic":428},{"name":101},{"id":115,"name":116,"tactic":430},{"name":101},{"id":119,"name":120,"tactic":432},{"name":101},{"id":434,"name":435,"tactics":436,"countermeasures":438},"T1598","Phishing for Information",[437],{"id":335,"name":336},[],[],[],[],[443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479],{"_key":444},"DLA-4511-1",{"_key":446},"DSA-6179-1",{"_key":448},"OPENSUSE-SU-2026:10447-1",{"_key":450},"SUSE-SU-2026:1163-1",{"_key":452},"MGASA-2026-0081",{"_key":454},"UBUNTU-CVE-2026-3889",{"_key":456},"DEBIAN-CVE-2026-3889",{"_key":458},"RHSA-2026:6188",{"_key":460},"RHSA-2026:6342",{"_key":462},"RHSA-2026:6917",{"_key":464},"RHSA-2026:8284",{"_key":466},"RHSA-2026:8285",{"_key":468},"RHSA-2026:8286",{"_key":470},"RHSA-2026:8287",{"_key":472},"RHSA-2026:8288",{"_key":474},"RHSA-2026:8289",{"_key":476},"RHSA-2026:8290",{"_key":478},"RHSA-2026:8315",{"_key":480},"RHSA-2026:8850",[],[483,484,485],{"_key":448},{"_key":450},{"_key":452},"2026-03-24T20:27:14.437Z","2026-04-13T13:51:23.615Z","Modified",{"cisa_kev":490,"cisa_ransomware":490,"cisa_vendor":9,"epss_severity":491,"epss_score":492,"severity":493,"severity_score":494,"severity_version":495,"severity_source":496,"severity_vector":497,"severity_status":488},false,"low",0.00034,"medium",6.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",[499,505,510],{"url":500,"sources":501,"tags":503},"https://bugzilla.mozilla.org/show_bug.cgi?id=2020723",[496,502],"nvd",[504],"Permissions Required",{"url":506,"sources":507,"tags":508},"https://www.mozilla.org/security/advisories/mfsa2026-23/",[496,502],[509],"Vendor Advisory",{"url":511,"sources":512,"tags":513},"https://www.mozilla.org/security/advisories/mfsa2026-24/",[496,502],[509],[],{"date":516,"score":492,"percentile":517},"2026-06-04",0.10285,[519,523,527,530,534,537,541,544,547,550,553,556,559,562,565,568,571,574,577,580,583,586,589,591,594,596,599,602,605,608,611,614,618,621,624,627,630,633,636,638,641,644,647,650,653,656,659,661,664,667,670,673,676,679,682,685,688,691,694,697,700,703,706,709,712,715,718,721,724,727,730,733],{"date":520,"score":521,"percentile":522},"2026-03-25",0.00017,0.03927,{"date":524,"score":525,"percentile":526},"2026-03-26",0.00023,0.06242,{"date":528,"score":525,"percentile":529},"2026-03-27",0.06237,{"date":531,"score":532,"percentile":533},"2026-03-28",0.00025,0.06685,{"date":535,"score":532,"percentile":536},"2026-03-29",0.06675,{"date":538,"score":539,"percentile":540},"2026-03-30",0.00027,0.07371,{"date":542,"score":539,"percentile":543},"2026-03-31",0.0734,{"date":545,"score":539,"percentile":546},"2026-04-01",0.07325,{"date":548,"score":539,"percentile":549},"2026-04-02",0.07437,{"date":551,"score":539,"percentile":552},"2026-04-03",0.07451,{"date":554,"score":539,"percentile":555},"2026-04-04",0.07479,{"date":557,"score":539,"percentile":558},"2026-04-05",0.0747,{"date":560,"score":539,"percentile":561},"2026-04-06",0.07439,{"date":563,"score":539,"percentile":564},"2026-04-07",0.0746,{"date":566,"score":539,"percentile":567},"2026-04-08",0.07518,{"date":569,"score":539,"percentile":570},"2026-04-09",0.07541,{"date":572,"score":539,"percentile":573},"2026-04-10",0.07552,{"date":575,"score":539,"percentile":576},"2026-04-11",0.07542,{"date":578,"score":539,"percentile":579},"2026-04-12",0.07528,{"date":581,"score":539,"percentile":582},"2026-04-13",0.07515,{"date":584,"score":539,"percentile":585},"2026-04-14",0.07421,{"date":587,"score":539,"percentile":588},"2026-04-15",0.07436,{"date":590,"score":539,"percentile":549},"2026-04-16",{"date":592,"score":539,"percentile":593},"2026-04-17",0.07427,{"date":595,"score":539,"percentile":593},"2026-04-18",{"date":597,"score":539,"percentile":598},"2026-04-19",0.07389,{"date":600,"score":539,"percentile":601},"2026-04-20",0.07372,{"date":603,"score":539,"percentile":604},"2026-04-21",0.07556,{"date":606,"score":539,"percentile":607},"2026-04-22",0.0757,{"date":609,"score":539,"percentile":610},"2026-04-23",0.07602,{"date":612,"score":539,"percentile":613},"2026-04-24",0.07517,{"date":615,"score":616,"percentile":617},"2026-04-25",0.00029,0.08303,{"date":619,"score":616,"percentile":620},"2026-04-26",0.08286,{"date":622,"score":616,"percentile":623},"2026-04-27",0.08274,{"date":625,"score":616,"percentile":626},"2026-04-28",0.08248,{"date":628,"score":616,"percentile":629},"2026-04-29",0.08255,{"date":631,"score":616,"percentile":632},"2026-04-30",0.08265,{"date":634,"score":616,"percentile":635},"2026-05-01",0.08221,{"date":637,"score":616,"percentile":623},"2026-05-02",{"date":639,"score":616,"percentile":640},"2026-05-03",0.08254,{"date":642,"score":616,"percentile":643},"2026-05-04",0.08222,{"date":645,"score":616,"percentile":646},"2026-05-05",0.08225,{"date":648,"score":616,"percentile":649},"2026-05-06",0.08238,{"date":651,"score":616,"percentile":652},"2026-05-07",0.08361,{"date":654,"score":616,"percentile":655},"2026-05-08",0.08381,{"date":657,"score":616,"percentile":658},"2026-05-09",0.0843,{"date":660,"score":616,"percentile":658},"2026-05-10",{"date":662,"score":616,"percentile":663},"2026-05-11",0.08408,{"date":665,"score":616,"percentile":666},"2026-05-12",0.08436,{"date":668,"score":616,"percentile":669},"2026-05-13",0.08448,{"date":671,"score":616,"percentile":672},"2026-05-14",0.08492,{"date":674,"score":616,"percentile":675},"2026-05-15",0.08502,{"date":677,"score":616,"percentile":678},"2026-05-16",0.08511,{"date":680,"score":616,"percentile":681},"2026-05-17",0.08498,{"date":683,"score":616,"percentile":684},"2026-05-18",0.08453,{"date":686,"score":616,"percentile":687},"2026-05-19",0.08437,{"date":689,"score":616,"percentile":690},"2026-05-20",0.08434,{"date":692,"score":616,"percentile":693},"2026-05-21",0.08416,{"date":695,"score":616,"percentile":696},"2026-05-22",0.08704,{"date":698,"score":616,"percentile":699},"2026-05-23",0.0868,{"date":701,"score":616,"percentile":702},"2026-05-24",0.08686,{"date":704,"score":616,"percentile":705},"2026-05-25",0.08676,{"date":707,"score":616,"percentile":708},"2026-05-26",0.08669,{"date":710,"score":616,"percentile":711},"2026-05-27",0.08725,{"date":713,"score":616,"percentile":714},"2026-05-28",0.08877,{"date":716,"score":616,"percentile":717},"2026-05-29",0.089,{"date":719,"score":616,"percentile":720},"2026-05-30",0.08904,{"date":722,"score":492,"percentile":723},"2026-05-31",0.10335,{"date":725,"score":492,"percentile":726},"2026-06-01",0.10315,{"date":728,"score":492,"percentile":729},"2026-06-02",0.1031,{"date":731,"score":492,"percentile":732},"2026-06-03",0.10273,{"date":516,"score":492,"percentile":517},[735,740],{"source":496,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":736,"cvss_v4_0":9},{"baseScore":494,"baseSeverity":737,"vectorString":497,"impactScore":738,"exploitabilityScore":739},"MEDIUM",6,7.2,{"source":502,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":741,"cvss_v4_0":9},{"baseScore":494,"baseSeverity":737,"vectorString":497,"impactScore":738,"exploitabilityScore":739},[743],{"ecosystem":9,"name":744,"vendor":745,"product":746,"cpe_part":747,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":748},"Thunderbird","mozilla","thunderbird","a",[749,756,759,763],{"version":750,"is_range":751,"range_type":496,"version_start":752,"version_start_type":753,"version_end":754,"version_end_type":755,"fixed_in":9},">= unspecified, \u003C 149",true,"unspecified","including","149","excluding",{"version":757,"is_range":751,"range_type":496,"version_start":752,"version_start_type":753,"version_end":758,"version_end_type":755,"fixed_in":9},">= unspecified, \u003C 140.9","140.9",{"version":760,"is_range":751,"range_type":761,"version_start":9,"version_start_type":9,"version_end":762,"version_end_type":755,"fixed_in":9},"lt140.9.0","cpe","140.9.0",{"version":764,"is_range":751,"range_type":761,"version_start":9,"version_start_type":9,"version_end":765,"version_end_type":755,"fixed_in":9},"lt149.0","149.0"]