ISN 2026-12: Critical Firefox ESR Vulnerabilities

First published 28 April 2026

CVSS 3.1 base score: 9.8 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Critical security vulnerabilities have been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Critical memory safety bugs have been found in Firefox ESR. Some of these showed evidence of memory corruption, and according to Mozilla, with enough effort some of these could be exploited to run arbitrary code (CVE-2026-5731, CVE-2026-5734).

In addition, the Graphics: Text component is affected by incorrect boundary conditions and an integer overflow (CVE-2026-5732, severity high).

Update Instructions

  • OS 12: Update the Firefox ESR app to version 140.9.1 or newer from the IGEL App Portal.

  • OS 11: Update to IGEL OS 11.11.150 as soon as it is available.

References