ISN 2022-20: Firefox ESR Vulnerabilities
First published 15 September 2022
CVSS 3.1 High
CVSS:3.1 n/a
Summary
Multiple vulnerabilities have been found in the Firefox ESR web browser used in IGEL OS. This affects the following IGEL products:
- IGEL OS 11
- IGEL OS 10
Details
Three vulnerabilities rated high have been found in Firefox ESR. An attacker could abuse XSLT error handling to associate attacker-controlled content with another origin that was displayed in the address bar; this could have been used to fool the user into submitting data intended for the spoofed origin (CVE-2022-38472). In the second, a cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions, such as microphone or camera access (CVE-2022-38473). The third issue concerns memory safety bugs that could be exploited to run arbitrary code (CVE-2022-38478).
Update Instructions
- IGEL OS 11: Update to IGEL OS version 11.08.200 (release planned for mid-October)
- IGEL OS 10: Upgrade to the fixed IGEL OS 11 version
References
- Mozilla Foundation Security Advisory 2022-35: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/