Alpine: firefox-esr: security update to 52.6.0-r1 (deprecated)

critical Tenable Cloud Security Plugin ID 400709

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and
we presume that with enough effort that some of these could be exploited to run arbitrary code. This
vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. (CVE-2018-5145)

- Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of
memory corruption and we presume that with enough effort that some of these could be exploited to run
arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
(CVE-2018-5125)

- A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results
in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and
Firefox < 59. (CVE-2018-5127)

- A lack of parameter validation on IPC messages results in a potential out-of-bounds write through
malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the
parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
(CVE-2018-5129)

- When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a
potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox <
59. (CVE-2018-5130)

See Also

https://git.alpinelinux.org/aports/commit/?id=980fe9bdff6617cc00c5e0e2f5c1b254038ed4d2

https://git.alpinelinux.org/aports/commit/?id=a8f1143329e197d7e2fcbd54b15ed6f5c954f633

Plugin Details

Severity: Critical

ID: 400709

Version: Revision 1.29

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-5145

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 4/2/2018

Vulnerability Publication Date: 3/13/2018

Reference Information

CVE: CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145

BID: 103384, 103388