First published 4 May 2026
CVSS:3.1: 7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Multiple security vulnerabilities have been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
Several memory safety bugs have been discovered in Firefox ESR (CVE-2026-7322, CVE-2026-7323). They show evidence of memory corruption, and it is presumed that with enough effort they could be exploited to run arbitrary code, so they are rated as high.
Besides these issues, there is an information disclosure due to incorrect boundary conditions in the Audio/Video component (CVE-2026-7320, high).
Update Instructions
-
OS 12: Upgrade the Firefox ESR app to version 140.10.1 or newer as soon as it is available.
-
OS 11: Upgrade to IGEL OS 11.11.150 as soon as it is available.
References