Alpine: firefox-esr: security update to 52.2.0-r1 (deprecated)

critical Tenable Cloud Security Plugin ID 400829

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some of these could be
exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and
Firefox < 55. (CVE-2017-7779)

- An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using
cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
(CVE-2017-7753)

- A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after
the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects
Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7784)

- A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes
within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird <
52.3, Firefox ESR < 52.3, and Firefox < 55. (CVE-2017-7785)

See Also

https://git.alpinelinux.org/aports/commit/?id=3249386fe330c51006e62c37838af2105be0e3d7

https://git.alpinelinux.org/aports/commit/?id=a8f61ee835d9aa73954e0b4069ced00e05a56ca3

Plugin Details

Severity: Critical

ID: 400829

Version: Revision 1.31

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-7779

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2017-7809

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/11/2017

Vulnerability Publication Date: 8/8/2017

Reference Information

CVE: CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809

BID: 100196, 100197, 100198, 100201, 100202, 100203, 100206, 100234, 100240, 100242, 100315