First published 15 October 2024
CVSS 3.1: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A critical security vulnerability has been found in the Firefox ESR web browser used in IGEL OS. This affects the following IGEL products:
-
IGEL OS 12
-
IGEL OS 11
Details
A use-after-free vulnerability has been found in the Animation timelines component of Firefox. This could enable a remote attacker to execute code in the context of the content process. Mozilla has had reports that this issue is being exploited in the wild. It is tracked as CVE-2024-9680 and is rated critical.
Update Instructions
-
OS 12: Update to the Firefox ESR app with version 115.16.1 as soon as it is available from the IGEL App Portal.
-
OS 11: Update to IGEL OS version 11.10.190 as soon as it is available.
References
-
CVE-2024-9680: https://www.cve.org/CVERecord?id=CVE-2024-9680
-
MFSA2024-51: https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/