Alpine: multiple librewolf packages: security update to 92.0.1-r0

high Tenable Cloud Security Plugin ID 426480

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of these could have been exploited to run
arbitrary code. This vulnerability affects Firefox < 92. (CVE-2021-38494)

- Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption
and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91,
Firefox ESR < 78.13, and Firefox < 91. (CVE-2021-29980)

- An issue present in lowering/register allocation could have led to obscure but deterministic register
confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability
affects Firefox < 91 and Thunderbird < 91. (CVE-2021-29981)

- Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object,
resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and
Thunderbird < 91. (CVE-2021-29982)

- Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that
should cause it to exit. *Note: This issue only affected Firefox for Android. Other operating systems are
unaffected.*. This vulnerability affects Firefox < 91. (CVE-2021-29983)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-29980

https://security.alpinelinux.org/vuln/CVE-2021-29981

https://security.alpinelinux.org/vuln/CVE-2021-29982

https://security.alpinelinux.org/vuln/CVE-2021-29983

https://security.alpinelinux.org/vuln/CVE-2021-29984

https://security.alpinelinux.org/vuln/CVE-2021-29985

https://security.alpinelinux.org/vuln/CVE-2021-29986

https://security.alpinelinux.org/vuln/CVE-2021-29987

https://security.alpinelinux.org/vuln/CVE-2021-29988

https://security.alpinelinux.org/vuln/CVE-2021-29989

https://security.alpinelinux.org/vuln/CVE-2021-29990

https://security.alpinelinux.org/vuln/CVE-2021-29991

https://security.alpinelinux.org/vuln/CVE-2021-29993

https://security.alpinelinux.org/vuln/CVE-2021-38491

https://security.alpinelinux.org/vuln/CVE-2021-38492

https://security.alpinelinux.org/vuln/CVE-2021-38493

https://security.alpinelinux.org/vuln/CVE-2021-38494

Plugin Details

Severity: High

ID: 426480

Version: Revision 1.3

Type: Local

Published: 5/16/2025

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-38494

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/10/2021

Reference Information

CVE: CVE-2021-29980, CVE-2021-29981, CVE-2021-29982, CVE-2021-29983, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29987, CVE-2021-29988, CVE-2021-29989, CVE-2021-29990, CVE-2021-29991, CVE-2021-29993, CVE-2021-38491, CVE-2021-38492, CVE-2021-38493, CVE-2021-38494