Alpine: multiple firefox packages: security update to 83.0-r0

critical Tenable Cloud Security Plugin ID 404375

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of these could have been exploited to run
arbitrary code. This vulnerability affects Firefox < 83. (CVE-2020-26969)

- Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

- Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote
attacker to leak cross-origin data via a crafted HTML page. (CVE-2020-16012)

- Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and
a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox <
83. (CVE-2020-26952)

- It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus
making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects
Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. (CVE-2020-26953)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-15999

https://security.alpinelinux.org/vuln/CVE-2020-16012

https://security.alpinelinux.org/vuln/CVE-2020-26952

https://security.alpinelinux.org/vuln/CVE-2020-26953

https://security.alpinelinux.org/vuln/CVE-2020-26954

https://security.alpinelinux.org/vuln/CVE-2020-26955

https://security.alpinelinux.org/vuln/CVE-2020-26956

https://security.alpinelinux.org/vuln/CVE-2020-26957

https://security.alpinelinux.org/vuln/CVE-2020-26958

https://security.alpinelinux.org/vuln/CVE-2020-26959

https://security.alpinelinux.org/vuln/CVE-2020-26960

https://security.alpinelinux.org/vuln/CVE-2020-26961

https://security.alpinelinux.org/vuln/CVE-2020-26962

https://security.alpinelinux.org/vuln/CVE-2020-26963

https://security.alpinelinux.org/vuln/CVE-2020-26964

https://security.alpinelinux.org/vuln/CVE-2020-26965

https://security.alpinelinux.org/vuln/CVE-2020-26966

https://security.alpinelinux.org/vuln/CVE-2020-26967

https://security.alpinelinux.org/vuln/CVE-2020-26968

https://security.alpinelinux.org/vuln/CVE-2020-26969

Plugin Details

Severity: Critical

ID: 404375

Version: Revision 1.31

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.3

Percentile: 99.81

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-26969

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 9.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-15999

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/20/2020

CISA Known Exploited Vulnerability Due Dates: 11/17/2021

Reference Information

CVE: CVE-2020-15999, CVE-2020-16012, CVE-2020-26952, CVE-2020-26953, CVE-2020-26954, CVE-2020-26955, CVE-2020-26956, CVE-2020-26957, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26964, CVE-2020-26965, CVE-2020-26966, CVE-2020-26967, CVE-2020-26968, CVE-2020-26969

IAVA: 2020-A-0537-S