ISN 2025-01: Firefox ESR Vulnerabilities
First published 21 January 2025
CVSS 3.1: 7.3 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Security vulnerabilities have been found in the Firefox ESR web browser used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
Memory safety bugs have been found in Firefox ESR. Some of these issues showed evidence of memory corruption and the Mozilla team presumes that some could have been exploited to run arbitrary code (CVE-2025-0242, high).
Update Instructions
OS 12: Update to version 115.19 of the OS 12 Firefox app as soon as it is available on the IGEL App Portal.
OS 11: Update to IGEL OS version 11.10.250 (planned for 25 February 2025).