Alpine: multiple firefox packages: security update to 89.0-r0

high Tenable Cloud Security Plugin ID 404382

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these
bugs showed evidence of memory corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and
Firefox ESR < 78.11. (CVE-2021-29967)

- When a user has already allowed a website to access microphone and camera, disabling camera sharing would
not fully prevent the website from re-enabling it without an additional prompt. This was only possible if
the website kept recording with the microphone until re-enabling the camera. This vulnerability affects
Firefox < 89. (CVE-2021-29959)

- Firefox used to cache the last filename used for printing a file. When generating a filename for printing,
Firefox usually suggests the web page title. The caching and suggestion techniques combined may have led
to the title of a website visited during private browsing mode being stored on disk. This vulnerability
affects Firefox < 89. (CVE-2021-29960)

- When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which
allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.
(CVE-2021-29961)

- Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This
bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects
Firefox < 89. (CVE-2021-29962)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-29959

https://security.alpinelinux.org/vuln/CVE-2021-29960

https://security.alpinelinux.org/vuln/CVE-2021-29961

https://security.alpinelinux.org/vuln/CVE-2021-29962

https://security.alpinelinux.org/vuln/CVE-2021-29963

https://security.alpinelinux.org/vuln/CVE-2021-29965

https://security.alpinelinux.org/vuln/CVE-2021-29966

https://security.alpinelinux.org/vuln/CVE-2021-29967

Plugin Details

Severity: High

ID: 404382

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-29967

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/1/2021

Reference Information

CVE: CVE-2021-29959, CVE-2021-29960, CVE-2021-29961, CVE-2021-29962, CVE-2021-29963, CVE-2021-29965, CVE-2021-29966, CVE-2021-29967

IAVA: 2021-A-0264-S