Detections
Analytics
Alpine: multiple firefox packages: security update to 85.0-r0
high Tenable Self-Hosted Container Security Plugin ID 404378
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of these could have been exploited to run
arbitrary code. This vulnerability affects Firefox < 85. (CVE-2021-23965)
- Using the new logical assignment operators in a JavaScript switch statement could have caused a type
confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects
Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. (CVE-2021-23954)
- The browser could have been confused into transferring a pointer lock state into another tab, which could
have lead to clickjacking attacks. This vulnerability affects Firefox < 85. (CVE-2021-23955)
- An ambiguous file picker design could have confused users who intended to select and upload a single file
into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects
Firefox < 85. (CVE-2021-23956)
- Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe
sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This
vulnerability affects Firefox < 85. (CVE-2021-23957)
See Also
https://security.alpinelinux.org/vuln/CVE-2021-23954
https://security.alpinelinux.org/vuln/CVE-2021-23955
https://security.alpinelinux.org/vuln/CVE-2021-23956
https://security.alpinelinux.org/vuln/CVE-2021-23957
https://security.alpinelinux.org/vuln/CVE-2021-23958
https://security.alpinelinux.org/vuln/CVE-2021-23959
https://security.alpinelinux.org/vuln/CVE-2021-23960
https://security.alpinelinux.org/vuln/CVE-2021-23961
https://security.alpinelinux.org/vuln/CVE-2021-23962
https://security.alpinelinux.org/vuln/CVE-2021-23963
Plugin Details
Severity: High
ID: 404378
Version: Revision 1.26
Type: Local
Published: 10/31/2023
Updated: 12/4/2025
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-23965
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 1/26/2021
Reference Information
CVE: CVE-2021-23954, CVE-2021-23955, CVE-2021-23956, CVE-2021-23957, CVE-2021-23958, CVE-2021-23959, CVE-2021-23960, CVE-2021-23961, CVE-2021-23962, CVE-2021-23963, CVE-2021-23964, CVE-2021-23965
IAVA: 2021-A-0051-S, 2021-A-0185-S