ISN 2025-25: Firefox ESR Vulnerability
First published 2 July 2025
CVSS:3.1: 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
A use-after-free issue has been discovered in FontFaceSet, an interface for loading fonts. This can lead to a crash of the application, which an attacker could potentially exploit (CVE-2025-6424, high).
Update Instructions
OS 12: Update to the Firefox ESR App in version 128.12 or newer when available from the IGEL App Portal.
OS 11: Update to IGEL OS version 11.11.100 when available (planned for August).