Alpine: multiple firefox-esr packages: security update to 102.11.0-r0

high Tenable Cloud Security Plugin ID 426945

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian
Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112
and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects
Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. (CVE-2023-32215)

- In multiple cases browser prompts could have been obscured by popups controlled by content. These could
have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113,
Firefox ESR < 102.11, and Thunderbird < 102.11. (CVE-2023-32205)

- An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects
Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. (CVE-2023-32206)

- A missing delay in popup notifications could have made it possible for an attacker to trick a user into
granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird <
102.11. (CVE-2023-32207)

- A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox <
113, Firefox ESR < 102.11, and Thunderbird < 102.11. (CVE-2023-32211)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-32205

https://security.alpinelinux.org/vuln/CVE-2023-32206

https://security.alpinelinux.org/vuln/CVE-2023-32207

https://security.alpinelinux.org/vuln/CVE-2023-32211

https://security.alpinelinux.org/vuln/CVE-2023-32212

https://security.alpinelinux.org/vuln/CVE-2023-32213

https://security.alpinelinux.org/vuln/CVE-2023-32214

https://security.alpinelinux.org/vuln/CVE-2023-32215

Plugin Details

Severity: High

ID: 426945

Version: Revision 1.4

Type: Local

Published: 5/16/2025

Updated: 12/4/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-32215

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/9/2023

Reference Information

CVE: CVE-2023-32205, CVE-2023-32206, CVE-2023-32207, CVE-2023-32211, CVE-2023-32212, CVE-2023-32213, CVE-2023-32214, CVE-2023-32215