ISN 2019-08: Firefox ESR Vulnerabilities

Announced 24 July 2019

Score: Critical

Several security issues affect the Firefox ESR web browser on

• IGEL OS 11

• IGEL OS 10

• IGEL Linux v5

Details

Many vulnerabilities have been discovered in Firefox ESR, which Mozilla has summarized in the following Mozilla Foundation Security Advisories (MFSAs): MFSA-2019-22, MFSA-2019-19, MFSA- 2019-18, MFSA-2019-08, MFSA-2019-05 and MFSA-2019-02. Among these are vulnerabilities such as a sandbox escape, a script injection vulnerability, privilege escalation and some critical memory management weaknesses.

Update Instructions

• IGEL OS 11: Update to IGEL OS 11.01.130 or newer.

• IGEL OS 10: Update to IGEL OS 10.06.110 or newer.

Mitigation

• IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends disabling the web browser feature if possible.

References

• MFSA-2019-22: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/

• Mozilla Foundation Security Advisories: https://www.mozilla.org/en-US/security/advisories/