First published 2 June 2026
CVSS:3.1: 7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Multiple security vulnerabilities have been found in Firefox ESR, a web browser used in IGEL OS. This affects the following product versions:
- IGEL OS 12
- IGEL OS 11
Details
Incorrect boundary conditions have been found in the JavaScript Engine (CVE-2026-8388, high) and in the Web Codecs component (CVE-2026-8946, high) of Firefox. The JavaScript Engine also suffers from an improper input validation issue (CVE-2026-8391, high).
Apart from this, the DOM: Bindings (WebIDL) component contains a use-after-free vulnerability (CVE-2026-8947, high), and a sandbox escape is possible in the Profile Backup component (CVE-2026-8401, high).
Update Instructions
- OS 12: Upgrade the Firefox ESR app to version 140.11.
- OS 11: IGEL is working on a version with updated Firefox ESR.