Two critical security issues affect the Firefox ESR web browser on
IGEL OS 11
IGEL OS 10
IGEL Linux 5
Details
Under certain conditions, when running the nsDocShell destructor (CVE-2020-6819) or when handling a ReadableStream (CVE-2020-6820), race conditions can cause a use-after-free. These vulnerabilities can be exploited to inject code into Firefox memory and execute it in the web browser’s context. Mozilla are aware of targeted attacks in the wild abusing these flaws.