ISN 2021-09: Firefox ESR vulnerabilities

First published 30 November 2021

CVSS 3.1 Base Score: 10.0 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Several vulnerabilities have been found in Mozilla Firefox ESR, many rated as high. These affect the Firefox ESR version in the following IGEL products:

IGEL OS 11

IGEL OS 10

Details

Mozilla has reported various vulnerabilities in Firefox ESR in its Mozilla Foundation Security Advisories (MFSA-2021-49, MFSA-2021-45, MFSA-2021-40, MFSA-2021-37, MFSA-2021-33). Many concern memory safety, and many are exploitable over the network. Overall, 18 are rated high.

Update Instructions

• IGEL OS 11: Update to IGEL OS 11.06.210.
• IGEL OS 10: Upgrade to IGEL OS 11.06.210.

References

• MFSA-2021-49: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/
  CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, MOZ-2021-0008, CVE-2021-38508, CVE-2021-38509, MOZ-2021-0007. (MOZ-* pending CVE assignment)
• MFSA-2021-45: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/
  CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-32810, CVE-2021-38500, CVE-2021-38501
• MFSA-2021-40: https://www.mozilla.org/en-US/security/advisories/mfsa2021-40/
  CVE-2021-38495
• MFSA-2021-37: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/
  CVE-2021-29991
• MFSA-2021-33: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/
  CVE-2021-29986, CVE-2021-29981, CVE-2021-29988, CVE-2021-29984, CVE-2021-29980, CVE-2021-29987, CVE-2021-29985, CVE-2021-29982, CVE-2021-29989, CVE-2021-29990