Skip to main content
Skip table of contents

ISN 2022-16: Firefox Vulnerabilities

Updated 1st July 2022 (IGEL OS 11.07.170 available)

First published 24th June 2022

CVSS 3.1 Critical

CVSS:3.1 n/a

Summary

Critical vulnerabilities have been found in the Firefox ESR browser. This affects the following IGEL products:

  • IGEL OS 11
  • IGEL OS 10

Details

It has been discovered that an attacker who could corrupt the methods of an Array object in JavaScript via prototype pollution could execute attacker-controlled JavaScript code in a privileged context (CVE-2022-1802). In addition, an attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process (CVE-2022-1529). Both issues are considered critical.
Update instructions

  • IGEL OS 11: Update to IGEL OS 11.07.170, which contains Firefox ESR 91.9.1.
  • IGEL OS 10: Upgrade to IGEL OS 11.07.170.

References

Mozilla Foundation Security Advisory 2022-19: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.