Alpine: multiple librewolf packages: security update to 102.0-r0

critical Tenable Cloud Security Plugin ID 426197

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities
present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects
Firefox < 102. (CVE-2022-34485)

- If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes
on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102,
Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. (CVE-2022-2200)

- An iframe that was not permitted to run scripts could do so if the user clicked on a
<code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird
< 102, and Thunderbird < 91.11. (CVE-2022-34468)

- When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow
the user to bypass the certificate error. On Firefox for Android, the user was presented with the option
to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects
Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102.
(CVE-2022-34469)

- Session history navigations may have led to a use-after-free and potentially exploitable crash. This
vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
(CVE-2022-34470)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-2200

https://security.alpinelinux.org/vuln/CVE-2022-34468

https://security.alpinelinux.org/vuln/CVE-2022-34469

https://security.alpinelinux.org/vuln/CVE-2022-34470

https://security.alpinelinux.org/vuln/CVE-2022-34471

https://security.alpinelinux.org/vuln/CVE-2022-34472

https://security.alpinelinux.org/vuln/CVE-2022-34473

https://security.alpinelinux.org/vuln/CVE-2022-34474

https://security.alpinelinux.org/vuln/CVE-2022-34475

https://security.alpinelinux.org/vuln/CVE-2022-34476

https://security.alpinelinux.org/vuln/CVE-2022-34477

https://security.alpinelinux.org/vuln/CVE-2022-34478

https://security.alpinelinux.org/vuln/CVE-2022-34479

https://security.alpinelinux.org/vuln/CVE-2022-34480

https://security.alpinelinux.org/vuln/CVE-2022-34481

https://security.alpinelinux.org/vuln/CVE-2022-34482

https://security.alpinelinux.org/vuln/CVE-2022-34483

https://security.alpinelinux.org/vuln/CVE-2022-34484

https://security.alpinelinux.org/vuln/CVE-2022-34485

Plugin Details

Severity: Critical

ID: 426197

Version: Revision 1.5

Type: Local

Published: 5/16/2025

Updated: 6/1/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-34485

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/28/2022

Reference Information

CVE: CVE-2022-2200, CVE-2022-34468, CVE-2022-34469, CVE-2022-34470, CVE-2022-34471, CVE-2022-34472, CVE-2022-34473, CVE-2022-34474, CVE-2022-34475, CVE-2022-34476, CVE-2022-34477, CVE-2022-34478, CVE-2022-34479, CVE-2022-34480, CVE-2022-34481, CVE-2022-34482, CVE-2022-34483, CVE-2022-34484, CVE-2022-34485