.Announced 13 September 2019
Score: High
Several security issues affect the Firefox ESR web browser on
-
IGEL OS 11
-
IGEL OS 10
-
IGEL Linux v5
Details
Many vulnerabilities have been discovered in Firefox ESR, which Mozilla has summarized in the Mozilla Foundation Security Advisory (MFSA) 2019-27 with an overall critical score. The advisory contains CVE-2019-11746, CVE-2019-11744, CVE-2019-11752, CVE-2019-9812, CVE-2016-11743 and CVE-2019-11740, which include potentially exploitable crashes while manipulating video elements or extracting a key value in IndexedDB, and a sandbox escape through Firefox Sync.
Update Instructions
-
IGEL OS 11: Update to IGEL OS 11.02.150 or newer.
-
IGEL OS 10: Update to IGEL OS 10.06.130 or newer.
-
IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible.
References
Mozilla Foundation Security Advisory 2019-27: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/