Alpine: multiple firefox-esr packages: security update to 115.5.0-r0

critical Tenable Cloud Security Plugin ID 408047

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and
Thunderbird < 115.5. (CVE-2023-6212)

- It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by
the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR <
115.4, and Thunderbird < 115.4.1. (CVE-2023-5721)

- Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led
to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
(CVE-2023-5724)

- A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be
leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4,
and Thunderbird < 115.4.1. (CVE-2023-5725)

- A website could have obscured the full screen notification by using the file open dialog. This could have
led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating
systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR <
115.4, and Thunderbird < 115.4.1. (CVE-2023-5726)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-5721

https://security.alpinelinux.org/vuln/CVE-2023-5724

https://security.alpinelinux.org/vuln/CVE-2023-5725

https://security.alpinelinux.org/vuln/CVE-2023-5726

https://security.alpinelinux.org/vuln/CVE-2023-5727

https://security.alpinelinux.org/vuln/CVE-2023-5728

https://security.alpinelinux.org/vuln/CVE-2023-5730

https://security.alpinelinux.org/vuln/CVE-2023-5732

https://security.alpinelinux.org/vuln/CVE-2023-6204

https://security.alpinelinux.org/vuln/CVE-2023-6205

https://security.alpinelinux.org/vuln/CVE-2023-6206

https://security.alpinelinux.org/vuln/CVE-2023-6207

https://security.alpinelinux.org/vuln/CVE-2023-6208

https://security.alpinelinux.org/vuln/CVE-2023-6209

https://security.alpinelinux.org/vuln/CVE-2023-6212

Plugin Details

Severity: Critical

ID: 408047

Version: Revision 1.30

Type: Local

Published: 11/27/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.58

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-6212

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2023-5730

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/29/2023

Reference Information

CVE: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732, CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212