Skip to main content
Skip table of contents

ISN 2020-03: Firefox ESR Vulnerabilities

Announced 24 April 2020

Score: Critical

Two critical security issues affect the Firefox ESR web browser on

  • IGEL OS 11

  • IGEL OS 10

  • IGEL Linux 5

Details

Under certain conditions, when running the nsDocShell destructor (CVE-2020-6819) or when handling a ReadableStream (CVE-2020-6820), race conditions can cause a use-after-free. These vulnerabilities can be exploited to inject code into Firefox memory and execute it in the web browser’s context. Mozilla are aware of targeted attacks in the wild abusing these flaws.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.03.530 or newer.

  • IGEL OS 10: Update to IGEL OS 10.06.179 or newer.

  • IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible.

References

Mozilla Foundation Security Advisory 2020-11: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.