Alpine: multiple librewolf packages: security update to 85.0-r0

high Tenable Self-Hosted Container Security Plugin ID 426999

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some of these could have been exploited to run
arbitrary code. This vulnerability affects Firefox < 85. (CVE-2021-23965)

- Using the new logical assignment operators in a JavaScript switch statement could have caused a type
confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects
Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. (CVE-2021-23954)

- The browser could have been confused into transferring a pointer lock state into another tab, which could
have led to clickjacking attacks. This vulnerability affects Firefox < 85. (CVE-2021-23955)

- An ambiguous file picker design could have confused users who intended to select and upload a single file
into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects
Firefox < 85. (CVE-2021-23956)

- Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe
sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This
vulnerability affects Firefox < 85. (CVE-2021-23957)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-23954

https://security.alpinelinux.org/vuln/CVE-2021-23955

https://security.alpinelinux.org/vuln/CVE-2021-23956

https://security.alpinelinux.org/vuln/CVE-2021-23957

https://security.alpinelinux.org/vuln/CVE-2021-23958

https://security.alpinelinux.org/vuln/CVE-2021-23959

https://security.alpinelinux.org/vuln/CVE-2021-23960

https://security.alpinelinux.org/vuln/CVE-2021-23961

https://security.alpinelinux.org/vuln/CVE-2021-23962

https://security.alpinelinux.org/vuln/CVE-2021-23963

https://security.alpinelinux.org/vuln/CVE-2021-23964

https://security.alpinelinux.org/vuln/CVE-2021-23965

Plugin Details

Severity: High

ID: 426999

Version: Revision 1.3

Type: Local

Published: 5/16/2025

Updated: 12/4/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-23965

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/26/2021

Reference Information

CVE: CVE-2021-23954, CVE-2021-23955, CVE-2021-23956, CVE-2021-23957, CVE-2021-23958, CVE-2021-23959, CVE-2021-23960, CVE-2021-23961, CVE-2021-23962, CVE-2021-23963, CVE-2021-23964, CVE-2021-23965