Alpine: multiple firefox packages: security update to 88.0-r0

High | Tenable Self-Hosted Container Security | Plugin ID 404380

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these
bugs showed evidence of memory corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code. This vulnerability affects Firefox < 88. (CVE-2021-29947)

- A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out-of-bounds
write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
(CVE-2021-23994)

- When Responsive Design Mode was enabled, it used references to objects that were previously freed. We
presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability
affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. (CVE-2021-23995)

- By utilizing 3D CSS in conjunction with JavaScript, content could have been rendered outside the webpage's
viewport, resulting in a spoofing attack that could have been used for phishing or other attacks on a
user. This vulnerability affects Firefox < 88. (CVE-2021-23996)

- Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the
font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This
vulnerability affects Firefox < 88. (CVE-2021-23997)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-23994

https://security.alpinelinux.org/vuln/CVE-2021-23995

https://security.alpinelinux.org/vuln/CVE-2021-23996

https://security.alpinelinux.org/vuln/CVE-2021-23997

https://security.alpinelinux.org/vuln/CVE-2021-23998

https://security.alpinelinux.org/vuln/CVE-2021-23999

https://security.alpinelinux.org/vuln/CVE-2021-24000

https://security.alpinelinux.org/vuln/CVE-2021-24001

https://security.alpinelinux.org/vuln/CVE-2021-24002

https://security.alpinelinux.org/vuln/CVE-2021-29944

https://security.alpinelinux.org/vuln/CVE-2021-29945

https://security.alpinelinux.org/vuln/CVE-2021-29946

https://security.alpinelinux.org/vuln/CVE-2021-29947

Plugin Details

Severity: High

ID: 404380

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-29947

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/19/2021

Reference Information

CVE: CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-24002, CVE-2021-29944, CVE-2021-29945, CVE-2021-29946, CVE-2021-29947

IAVA: 2021-A-0185-S