ISN 2020-07: Firefox ESR Various Vulnerabilities

Announced 9 June 2020

Score: High

Four security issues rated as high affect the Firefox ESR web browser on:

  • IGEL OS 11

  • IGEL OS 10

  • IGEL Linux 5

Details

It has been discovered that a timing attack against Mozilla’s Network Security Services (NSS) library could leak private keys (CVE-2020-12399). Also, when browsing a malicious page, a race condition in SharedWorkerService could occur and lead to a potentially exploitable crash (CVE-2020-12405). A JavaScript type confusion with NativeTypes could result in a crash and potentially in the execution of arbitrary code (CVE-2020-12406). Further memory safety bugs showed evidence of memory corruption, and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-12411).

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.03.580 or newer.

  • IGEL OS 10: Update to IGEL OS 10.06.190 or newer.

  • IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible.

References

  • Mozilla Foundation Security Advisory 2020-21: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/
