Alpine: multiple firefox-esr packages: security update to 115.9.0-r0

Tenable Self-Hosted Container Security Plugin ID 408326

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs
showed evidence of memory corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and
Thunderbird < 115.9. (CVE-2024-2614)

- NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could
potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124,
Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5388)

- An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This
vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-0743)

- An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system, escaping
the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are
unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
(CVE-2024-2605)

- Return registers were overwritten, which could have allowed an attacker to execute arbitrary code. *Note:*
This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability
affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2024-2607)

See Also

https://security.alpinelinux.org/vuln/CVE-2023-5388

https://security.alpinelinux.org/vuln/CVE-2024-0743

https://security.alpinelinux.org/vuln/CVE-2024-2605

https://security.alpinelinux.org/vuln/CVE-2024-2607

https://security.alpinelinux.org/vuln/CVE-2024-2608

https://security.alpinelinux.org/vuln/CVE-2024-2610

https://security.alpinelinux.org/vuln/CVE-2024-2611

https://security.alpinelinux.org/vuln/CVE-2024-2612

https://security.alpinelinux.org/vuln/CVE-2024-2614

https://security.alpinelinux.org/vuln/CVE-2024-2616

Plugin Details

Severity: High

ID: 408326

Version: Revision 1.19

Type: Local

Published: 3/23/2024

Updated: 6/1/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-2614

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/19/2024

Reference Information

CVE: CVE-2023-5388, CVE-2024-0743, CVE-2024-2605, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616