ISN 2023-28: Firefox ESR Vulnerabilities
Updated 16 January 2024 (added fixed version)
First published 9 November 2023
CVSS 3.1: 7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities have been discovered in the Firefox ESR web browser, which is used in IGEL OS. This affects the following IGEL products:
- IGEL OS 11
Details
Certain Firefox prompts and dialogs can be activated or dismissed unintentionally by the user because the activation delay is too short (CVE-2023-5721). This vulnerability is rated high. In addition, there are memory safety bugs that could lead to memory corruption and could be abused to run arbitrary code (CVE-2023-5730, high).
Update Instructions
- OS 11: Update to IGEL OS version 11.09.150 or newer.
References
- CVE-2023-5721: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721
- CVE-2023-5730: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730