First published 8 April 2026
CVSS:3.1: 8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
Several security vulnerabilities have been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:
- IGEL OS 12
- IGEL OS 11
Details
Multiple security issues rated high have been discovered in Firefox ESR, among them several sandbox escapes: CVE-2026-4687 due to incorrect boundary conditions in the Telemetry component, CVE-2026-4688 due to a use-after-free in the Disability Access APIs component, two in the XPCOM component (CVE-2026-4689, CVE-2026-4690), and another in the Responsive Design Mode component (CVE-2026-4692).
Further vulnerabilities include a use-after-free in the Layout component (CVE-2026-4696, high), a JIT miscompilation in the JavaScript Engine (CVE-2026-4698, high), and two incorrect boundary conditions in the Canvas2D component (CVE-2026-4685, CVE-2026-4686, both high). A complete list of issues can be found in the referenced Mozilla Foundation Security Advisory (MFSA).
Update Instructions
- OS 12: Update the Firefox app to version 140.9 or newer from the IGEL App Portal.
- OS 11: Update to IGEL OS 11.11.150 when available.