Skip to main content
Skip table of contents

ISN 2022-20: Firefox ESR Vulnerabilities

First published 15 September 2022

CVSS 3.1 High

CVSS:3.1 n/a

Summary

Multiple vulnerabilities have been found in the Firefox ESR web browser used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 11
  • IGEL OS 10

Details

Three vulnerabilities rated high have been found in Firefox ESR. An attacker could abuse XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472). Another vulnerability affects a cross-origin iframe referencing an XSLT document – it would inherit the parent domain's permissions such as microphone or camera access (CVE-2022-38473). The third issue concerns memory safety bugs that could be exploited to run arbitrary code (CVE-2022-38478).

Update Instructions

  • IGEL OS 11: Update to IGEL OS version 11.08.200 (release planned for mid-October)
  • IGEL OS 10: Upgrade to the fixed IGEL OS 11 version

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.