ISN 2020-01: Firefox ESR Vulnerability

Announced 15 January 2020

Score: Critical

A critical security issue affects the Firefox ESR web browser on

IGEL OS 11
IGEL OS 10
IGEL Linux 5

Details

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion (memory vulnerability). Mozilla is aware of targeted attacks in the wild abusing this flaw (CVE-2019-17026).

Update Instructions

IGEL OS 11: Update to IGEL OS 11.03.110 or newer.
IGEL OS 10: Update to IGEL OS 10.06.170 or newer.
IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible: https://kb.igel.com/igellinux/en/features-2275613.html

References

Mozilla Foundation Security Advisory 2020-03: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

Download PDF

ISN 2020-01: Firefox ESR Vulnerability

Details

Update Instructions

References

Cookie Notice