ISN 2020-01: Firefox ESR Vulnerability
Announced 15 January 2020
Score: Critical
A critical security issue affects the Firefox ESR web browser on:
IGEL OS 11
IGEL OS 10
IGEL Linux 5
Details
Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to a type confusion (memory vulnerability). Mozilla is aware of targeted attacks in the wild abusing this flaw (CVE-2019-17026).
Update Instructions
IGEL OS 11: Update to IGEL OS 11.03.110 or newer.
IGEL OS 10: Update to IGEL OS 10.06.170 or newer.
IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible.
References
Mozilla Foundation Security Advisory 2020-03: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/