ISN 2025-30: Firefox ESR Vulnerabilities
First published 4 August 2025
CVSS:3.1: 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Security vulnerabilities have been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
The JavaScript compiler Monkey-JIT writes only 32 bits of the 64-bit return value space on the stack, while the Baseline-JIT component reads the entire 64 bits (CVE-2025-8027, high). In addition, the Mozilla Fuzzing Team has discovered multiple memory safety bugs that might be exploited to execute arbitrary code (CVE-2025-8034 and CVE-2025-8035, high).
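The width mismatch behind CVE-2025-8027 can be illustrated with a simplified model. This is an added example, not code from Firefox or from IGEL; the `ret_area` type, the function names and the stale slot value are constructed for illustration, and the full-width store is only one way to define the whole slot in this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not SpiderMonkey code: one 64-bit stack slot reserved
 * for a return value, shared by a producer and a consumer. */
typedef struct { uint64_t slot; } ret_area;

/* Producer as described in the advisory: only the low 32 bits are stored,
 * so whatever the upper 32 bits held before stays in place. */
static void store_ret32_partial(ret_area *a, uint32_t v) {
    a->slot = (a->slot & 0xFFFFFFFF00000000ULL) | v;
}

/* Producer that defines the whole slot by zero-extending the value. */
static void store_ret32_full(ret_area *a, uint32_t v) {
    a->slot = (uint64_t)v;
}

/* Consumer as described in the advisory: reads all 64 bits. */
static uint64_t load_ret64(const ret_area *a) {
    return a->slot;
}

/* Run one producer against a slot that still holds stale data. */
static uint64_t run_case(void (*store)(ret_area *, uint32_t),
                         uint64_t stale, uint32_t value) {
    ret_area a = { stale };
    store(&a, value);
    return load_ret64(&a);
}

int main(void) {
    const uint64_t stale = 0x1122334455667788ULL; /* constructed sample */
    printf("partial: 0x%016llx\n",
           (unsigned long long)run_case(store_ret32_partial, stale, 7));
    printf("full:    0x%016llx\n",
           (unsigned long long)run_case(store_ret32_full, stale, 7));
    return 0;
}
```

With a slot that happens to be zero beforehand, both producers give the same result, which is why a mismatch of this kind can pass ordinary testing.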
Update Instructions
OS 12: Update the Firefox ESR app to version 128.13 or newer when available from the IGEL App Portal.
OS 11: Update to IGEL OS version 11.11.100 when available.
References
Mozilla Foundation Security Advisory 2025-62: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
Mozilla Foundation Security Advisory 2025-57: https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/