Bug
Resolution: Done
insights-security-vulnerability
** Note that this is a public ticket, please refrain from adding any sensitive data. **
Description of Problem
CVE-2020-12390 is being reported in the Insights portal. The CVE applies to Mozilla Firefox version 76, but the installed Firefox version is 140, which already includes the upstream fix. Firefox is also not actively used in the operating environment, making the finding a false positive.
Steps to Reproduce
- Run vulnerability scans or review the Red Hat Insights dashboard.
- Observe CVE-2020-12390 flagged against the affected systems.
- Verify installed Firefox version (v140) and confirm Firefox is not actively used.
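The verification in the last step can be scripted on the affected host. This is an added example, not part of the ticket or of Red Hat Insights: it queries the installed Firefox RPM version, compares it against the fixed version the ticket cites using a simplified RPM-style segment comparison, and classifies the finding as patched, vulnerable, or not installed. The sample installed version "140.0.4" is a constructed value.

```python
import re
import subprocess
from typing import Optional

# Versions from the ticket: Firefox 140 installed, fix carried by Firefox 76.
# The patch level "140.0.4" is a constructed sample of what rpm -q returns.
INSTALLED_VERSION_SAMPLE = "140.0.4"
FIXED_VERSION = "76"

_SEGMENT = re.compile(r"\d+|[a-zA-Z]+")


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: split on non-alphanumerics, compare numeric
    segments as integers and alpha segments as strings, numeric segments
    rank above alpha ones, and the longer version wins a tie.
    Returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def triage(installed: Optional[str], fixed: str) -> str:
    """Classify a flagged CVE for one package: 'not installed',
    'patched' (installed >= fixed) or 'vulnerable'."""
    if installed is None:
        return "not installed"
    return "patched" if rpm_vercmp(installed, fixed) >= 0 else "vulnerable"


def installed_rpm_version(package: str) -> Optional[str]:
    """Ask rpm for the installed version; None if the package is absent."""
    proc = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}", package],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


if __name__ == "__main__":
    # On a RHEL host use installed_rpm_version("firefox"); the sample
    # value reproduces the ticket's situation without calling rpm.
    print("CVE-2020-12390 firefox:", triage(INSTALLED_VERSION_SAMPLE, FIXED_VERSION))
```

A result of "patched" or "not installed" for the flagged package is the evidence to attach when disputing the finding in the compliance report.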
Actual Behavior
The Insights portal continues to report CVE-2020-12390 as a critical vulnerability despite the installed Firefox version being newer than the fixed version and the application not being used, resulting in a false positive finding.
Expected Behavior
The CVE should not be reported in the Insights portal when the affected software version is already patched or not applicable to the environment.
Business Impact / Additional info
The customer organization's Infosec team pulls data directly from Insights for compliance reporting, and this false positive is being flagged as non-compliance, resulting in unnecessary audit findings and remediation effort.