Alpine: multiple firefox-esr packages: security update to 102.7.0-r0

high Tenable Cloud Security Plugin ID 427373

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This
vulnerability affects Firefox < 108. (CVE-2022-46871)

- By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in
potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. (CVE-2022-46877)

- Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain
MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to
`DataTransfer.setData`. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird <
102.7. (CVE-2023-23598)

- When copying a network request from the developer tools panel as a curl command the output was not being
properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects
Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7. (CVE-2023-23599)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-46871

https://security.alpinelinux.org/vuln/CVE-2022-46877

https://security.alpinelinux.org/vuln/CVE-2023-23598

https://security.alpinelinux.org/vuln/CVE-2023-23599

https://security.alpinelinux.org/vuln/CVE-2023-23601

https://security.alpinelinux.org/vuln/CVE-2023-23602

https://security.alpinelinux.org/vuln/CVE-2023-23603

https://security.alpinelinux.org/vuln/CVE-2023-23605

Plugin Details

Severity: High

ID: 427373

Version: Revision 1.7

Type: Local

Published: 5/16/2025

Updated: 12/22/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 58

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-46871

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2023-23605

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/15/2022

Reference Information

CVE: CVE-2022-46871, CVE-2022-46877, CVE-2023-23598, CVE-2023-23599, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605