Alpine: thunderbird: security update to 78.6.1-r0

high Tenable Self-Hosted Container Security Plugin ID 426813

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these
bugs showed evidence of memory corruption and we presume that with enough effort some of these could have
been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and
Firefox ESR < 78.6. (CVE-2020-35113)

- Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain
potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)

- Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially
exploit heap corruption via a crafted SCTP packet. (CVE-2020-16044)

- Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow
on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR <
78.6. (CVE-2020-26971)

- Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This
could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6,
and Firefox ESR < 78.6. (CVE-2020-26973)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-16042

https://security.alpinelinux.org/vuln/CVE-2020-16044

https://security.alpinelinux.org/vuln/CVE-2020-26971

https://security.alpinelinux.org/vuln/CVE-2020-26973

https://security.alpinelinux.org/vuln/CVE-2020-26974

https://security.alpinelinux.org/vuln/CVE-2020-26978

https://security.alpinelinux.org/vuln/CVE-2020-35111

https://security.alpinelinux.org/vuln/CVE-2020-35112

https://security.alpinelinux.org/vuln/CVE-2020-35113

Plugin Details

Severity: High

ID: 426813

Version: Revision 1.3

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-35113

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/2/2020

Reference Information

CVE: CVE-2020-16042, CVE-2020-16044, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35112, CVE-2020-35113

IAVA: 2020-A-0575-S