ISN 2025-36: Firefox ESR Vulnerabilities
First published 2 September
CVSS 3.1: 8.3 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple security vulnerabilities have been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:
IGEL OS 12
IGEL OS 11
Details
An attacker could cause memory corruption in the GMP process, which processes encrypted media. This issue is rated high and tracked as CVE-2025-9179. The Graphics: Canvas2D component is affected by a same-origin policy bypass (CVE-2025-9180, high). In addition, several memory safety bugs have been found that could enable arbitrary code execution or crash the application (CVE-2025-9185, high).
Update Instructions
OS 12: Update the Firefox ESR app to version 128.14 or newer when available from the IGEL App Portal.
OS 11: Update to IGEL OS version 11.11.100 when available.
References
Mozilla Foundation Security Advisory 2025-66: https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/