Alpine: multiple firefox packages: security update to 119.0-r0

critical Tenable Cloud Security Plugin ID 427304

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been exploited to run arbitrary code. This
vulnerability affects Firefox < 119. (CVE-2023-5731)

- It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by
the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR <
115.4, and Thunderbird < 115.4.1. (CVE-2023-5721)

- Using iterative requests an attacker was able to learn the size of an opaque response, as well as the
contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. (CVE-2023-5722)

- An attacker with temporary script access to a site could have set a cookie containing invalid characters
using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.
(CVE-2023-5723)

- Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led
to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
(CVE-2023-5724)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-5721

https://security.alpinelinux.org/vuln/CVE-2023-5722

https://security.alpinelinux.org/vuln/CVE-2023-5723

https://security.alpinelinux.org/vuln/CVE-2023-5724

https://security.alpinelinux.org/vuln/CVE-2023-5725

https://security.alpinelinux.org/vuln/CVE-2023-5726

https://security.alpinelinux.org/vuln/CVE-2023-5727

https://security.alpinelinux.org/vuln/CVE-2023-5728

https://security.alpinelinux.org/vuln/CVE-2023-5729

https://security.alpinelinux.org/vuln/CVE-2023-5730

https://security.alpinelinux.org/vuln/CVE-2023-5731

Plugin Details

Severity: Critical

ID: 427304

Version: Revision 1.3

Type: Local

Published: 5/16/2025

Updated: 12/16/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.58

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-5731

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/24/2023

Reference Information

CVE: CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731

IAVA: 2023-A-0585-S