Alpine: xulrunner: security update to 2.0-r4 (deprecated)

critical Tenable Self-Hosted Container Security Plugin ID 401257

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before
4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-0081)

- Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before
3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote
attackers to cause a denial of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. (CVE-2011-0069)

- Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before
3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote
attackers to cause a denial of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. (CVE-2011-0070)

- Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before
3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute arbitrary code via unknown
vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.
(CVE-2011-0072)

See Also

https://git.alpinelinux.org/aports/commit/?id=a1fef2bc9af65c2144429e948a368c8fb2620524

https://git.alpinelinux.org/aports/commit/?id=b22b799962a7aa60c5dd0563775240f8769fc78e

Plugin Details

Severity: Critical

ID: 401257

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0081

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2011-0080

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/30/2011

Vulnerability Publication Date: 3/8/2011

Reference Information

CVE: CVE-2011-0068, CVE-2011-0069, CVE-2011-0070, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0079, CVE-2011-0080, CVE-2011-0081, CVE-2011-1202

BID: 47641, 47646, 47647, 47648, 47651, 47653, 47654, 47655, 47656, 47657, 47661, 47668