Alpine: multiple librewolf packages: security update to 100.0-r0

critical Tenable Self-Hosted Container Security Plugin ID 426891

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs
present in Firefox 99. Some of these bugs showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects
Firefox < 100. (CVE-2022-29918)

- Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the
top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This
vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. (CVE-2022-29909)

- When closed or sent to the background, Firefox for Android would not properly record and persist HSTS
settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are
unaffected.*. This vulnerability affects Firefox < 100. (CVE-2022-29910)

- An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-
activation</code> could lead to script execution without <code>allow-scripts</code> being present. This
vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. (CVE-2022-29911)

- Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This
vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. (CVE-2022-29912)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-29909

https://security.alpinelinux.org/vuln/CVE-2022-29910

https://security.alpinelinux.org/vuln/CVE-2022-29911

https://security.alpinelinux.org/vuln/CVE-2022-29912

https://security.alpinelinux.org/vuln/CVE-2022-29914

https://security.alpinelinux.org/vuln/CVE-2022-29915

https://security.alpinelinux.org/vuln/CVE-2022-29916

https://security.alpinelinux.org/vuln/CVE-2022-29917

https://security.alpinelinux.org/vuln/CVE-2022-29918

Plugin Details

Severity: Critical

ID: 426891

Version: Revision 1.6

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29918

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-29917

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/3/2022

Reference Information

CVE: CVE-2022-29909, CVE-2022-29910, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29915, CVE-2022-29916, CVE-2022-29917, CVE-2022-29918