Skip to main content
Skip table of contents

ISN 2023-28: Firefox ESR Vulnerabilities

Updated 16 January 2024 (added fixed version)

First published 9 November 2023

CVSS 3.1: 7.5 (High)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities have been discovered in the Firefox ESR web browser which is used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 11

Details

It has been found that it is possible for certain Firefox prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay (CVE-2023-5721). This vulnerability is rated as high. Apart from that, there are memory safety bugs which could lead to memory corruption and could be abused to run arbitrary code (CVE-2023-5730, high).

Update Instructions

  • OS 11: Update to IGEL OS version 11.09.150 or newer.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.