VulnerableCode Package Details - pkg:apk/alpine/librewolf@87.0-r0?arch=x86&distroversion=v3.23&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4mxh-j7wx-vbek	If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.	CVE-2021-23968
VCID-emj2-a85a-myf4	Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories.Note: This issue is only affected Firefox for Android. Other operating systems are unaffected.	CVE-2021-23977
VCID-fqfv-4vrw-4uau	A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.	CVE-2021-23984
VCID-jshb-xfdc-p7at	By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.	CVE-2021-23983
VCID-pyu2-xzpv-tkgh	Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell, and Mats Palmgren reported memory safety bugs present in Thunderbird 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-23978
VCID-vque-dfjx-ryad	When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites.Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected.	CVE-2021-23976
VCID-wpy7-gpn8-euhx	Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.	CVE-2021-23979

Vulnerability

Summary

Aliases

VCID-4mxh-j7wx-vbek

If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs.

CVE-2021-23968

VCID-emj2-a85a-myf4

Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories.*Note: This issue is only affected Firefox for Android. Other operating systems are unaffected.*

CVE-2021-23977

VCID-fqfv-4vrw-4uau

A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.

CVE-2021-23984

VCID-jshb-xfdc-p7at

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.

CVE-2021-23983

VCID-pyu2-xzpv-tkgh

Mozilla developers Alexis Beingessner, Tyson Smith, Nika Layzell, and Mats Palmgren reported memory safety bugs present in Thunderbird 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2021-23978

VCID-vque-dfjx-ryad

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites.*Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected.*

CVE-2021-23976

VCID-wpy7-gpn8-euhx

Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

CVE-2021-23979

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T10:12:00.648550+00:00	Alpine Linux Importer	Fixing	VCID-pyu2-xzpv-tkgh	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0
2026-05-29T10:03:43.291535+00:00	Alpine Linux Importer	Fixing	VCID-jshb-xfdc-p7at	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0
2026-05-29T09:56:34.386523+00:00	Alpine Linux Importer	Fixing	VCID-vque-dfjx-ryad	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0
2026-05-29T09:49:33.042656+00:00	Alpine Linux Importer	Fixing	VCID-wpy7-gpn8-euhx	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0
2026-05-29T09:44:24.140400+00:00	Alpine Linux Importer	Fixing	VCID-4mxh-j7wx-vbek	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0
2026-05-29T09:43:17.573779+00:00	Alpine Linux Importer	Fixing	VCID-fqfv-4vrw-4uau	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0
2026-05-29T09:39:49.411496+00:00	Alpine Linux Importer	Fixing	VCID-emj2-a85a-myf4	https://secdb.alpinelinux.org/v3.23/community.json	38.6.0