Alpine: multiple firefox-esr packages: security update to 115.7.0-r0

high Tenable Cloud Security Plugin ID 408324

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and
Thunderbird < 115.7. (CVE-2024-0755)

- An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially
exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
(CVE-2024-0741)

- It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by
the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects
Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. (CVE-2024-0742)

- A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability
affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. (CVE-2024-0746)

- When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy
could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox
ESR < 115.7, and Thunderbird < 115.7. (CVE-2024-0747)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-0741

https://security.alpinelinux.org/vuln/CVE-2024-0742

https://security.alpinelinux.org/vuln/CVE-2024-0746

https://security.alpinelinux.org/vuln/CVE-2024-0747

https://security.alpinelinux.org/vuln/CVE-2024-0750

https://security.alpinelinux.org/vuln/CVE-2024-0751

https://security.alpinelinux.org/vuln/CVE-2024-0753

https://security.alpinelinux.org/vuln/CVE-2024-0755

Plugin Details

Severity: High

ID: 408324

Version: Revision 1.8

Type: Local

Published: 3/23/2024

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.35

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-0755

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/23/2024

Reference Information

CVE: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755