VulnerableCode Package Details - pkg:apk/alpine/librewolf@80.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-e3j5-kyhm-7ye1	When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key.	CVE-2020-15667
VCID-jtsz-m5jr-ebdc	Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.	CVE-2020-15664
VCID-k4a4-f1as-x3bj	NSS has multiple information disclosure vulnerabilities when handling secret key material.	CVE-2020-12400
VCID-kbpr-dnqh-37fu	Mozilla developers Jason Kratzer, Christian Holler, and Byron Campen reported memory safety bugs present in Firefox 79 and Firefox ESR 78.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2020-15670
VCID-mx8t-s47w-wud5	When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed.	CVE-2020-6829
VCID-rk7t-zjzg-eqar	NSS has multiple information disclosure vulnerabilities when handling secret key material.	CVE-2020-12401
VCID-rx46-z7x6-u3dc	When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks.	CVE-2020-15666
VCID-tvsh-whx8-6qdp	Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors.	CVE-2020-15665
VCID-vun4-z8ju-gbbc	If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with system privileges.Note: This issue only affected Windows operating systems. Other operating systems are unaffected.	CVE-2020-15663
VCID-w1a1-6e1k-guh6	A lock was missing when accessing a data structure and importing certificate information into the trust database.	CVE-2020-15668

Vulnerability

Summary

Aliases

VCID-e3j5-kyhm-7ye1

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key.

CVE-2020-15667

VCID-jtsz-m5jr-ebdc

Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.

CVE-2020-15664

VCID-k4a4-f1as-x3bj

NSS has multiple information disclosure vulnerabilities when handling secret key material.

CVE-2020-12400

VCID-kbpr-dnqh-37fu

Mozilla developers Jason Kratzer, Christian Holler, and Byron Campen reported memory safety bugs present in Firefox 79 and Firefox ESR 78.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2020-15670

VCID-mx8t-s47w-wud5

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed.

CVE-2020-6829

VCID-rk7t-zjzg-eqar

NSS has multiple information disclosure vulnerabilities when handling secret key material.

CVE-2020-12401

VCID-rx46-z7x6-u3dc

When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks.

CVE-2020-15666

VCID-tvsh-whx8-6qdp

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors.

CVE-2020-15665

VCID-vun4-z8ju-gbbc

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with system privileges.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*

CVE-2020-15663

VCID-w1a1-6e1k-guh6

A lock was missing when accessing a data structure and importing certificate information into the trust database.

CVE-2020-15668

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:26:30.964962+00:00	Alpine Linux Importer	Fixing	VCID-tvsh-whx8-6qdp	https://secdb.alpinelinux.org/v3.23/community.json	38.1.0
2026-04-07T13:58:24.936278+00:00	Alpine Linux Importer	Fixing	VCID-mx8t-s47w-wud5	https://secdb.alpinelinux.org/v3.23/community.json	38.1.0
2026-04-06T04:52:40.226996+00:00	Alpine Linux Importer	Fixing	VCID-kbpr-dnqh-37fu	https://secdb.alpinelinux.org/v3.23/community.json	38.1.0
2026-04-03T17:58:47.843799+00:00	Alpine Linux Importer	Fixing	VCID-rx46-z7x6-u3dc	https://secdb.alpinelinux.org/v3.23/community.json	38.1.0
2026-04-03T17:51:17.956631+00:00	Alpine Linux Importer	Fixing	VCID-vun4-z8ju-gbbc	https://secdb.alpinelinux.org/v3.23/community.json	38.1.0
2026-04-03T17:50:01.758443+00:00	Alpine Linux Importer	Fixing	VCID-e3j5-kyhm-7ye1	https://secdb.alpinelinux.org/v3.23/community.json	38.1.0
2026-04-01T19:33:13.923779+00:00	Alpine Linux Importer	Fixing	VCID-k4a4-f1as-x3bj	https://secdb.alpinelinux.org/v3.23/community.json	38.0.0
2026-04-01T19:00:50.550456+00:00	Alpine Linux Importer	Fixing	VCID-w1a1-6e1k-guh6	https://secdb.alpinelinux.org/v3.23/community.json	38.0.0
2026-04-01T18:52:18.008746+00:00	Alpine Linux Importer	Fixing	VCID-rk7t-zjzg-eqar	https://secdb.alpinelinux.org/v3.23/community.json	38.0.0
2026-04-01T18:47:36.666518+00:00	Alpine Linux Importer	Fixing	VCID-jtsz-m5jr-ebdc	https://secdb.alpinelinux.org/v3.23/community.json	38.0.0