Skip to main content
Skip table of contents

ISN 2024-18: Critical Firefox ESR Vulnerability

First published 15 October 2024

CVSS 3.1: 9.8 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A critical security vulnerability has been found in the Firefox ESR web browser used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12

  • IGEL OS 11

Details

A use-after-free vulnerability has been found in the Animation timelines component of Firefox. This could enable a remote attacker to execute code in the context of the content process. Mozilla has had reports that this issue is being exploited in the wild. It is tracked as CVE-2024-9680 and is rated critical.

Update Instructions

  • OS 12: Update to the Firefox ESR app with version 115.16.1 as soon as it is available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.10.190 as soon as it is available.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close