Alpine: multiple librewolf packages: security update to 90.0-r0

high Tenable Self-Hosted Container Security Plugin ID 426479

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to
potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)

- A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially
exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability
affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. (CVE-2021-29970)

- A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating
the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well.
This vulnerability affects Firefox < 90. (CVE-2021-29972)

- When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS
error page would allow the user to override an error on a domain which had specified HTTP Strict Transport
Security (which implies that the error should not be override-able.) This issue did not affect the network
connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox <
90. (CVE-2021-29974)

- Through a series of DOM manipulations, a message, over which the attacker had control of the text but not
HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the
address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.
(CVE-2021-29975)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-29970

https://security.alpinelinux.org/vuln/CVE-2021-29972

https://security.alpinelinux.org/vuln/CVE-2021-29974

https://security.alpinelinux.org/vuln/CVE-2021-29975

https://security.alpinelinux.org/vuln/CVE-2021-29976

https://security.alpinelinux.org/vuln/CVE-2021-29977

https://security.alpinelinux.org/vuln/CVE-2021-30547

Plugin Details

Severity: High

ID: 426479

Version: Revision 1.4

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-30547

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/8/2021

Reference Information

CVE: CVE-2021-29970, CVE-2021-29972, CVE-2021-29974, CVE-2021-29975, CVE-2021-29976, CVE-2021-29977, CVE-2021-30547