Announced 13 September 2019

Score: High

Several security issues affect the Firefox ESR web browser on 

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Linux v5

Details

Many vulnerabilities have been discovered in Firefox ESR, which Mozilla has summarized in the Mozilla Foundation Security Advisory (MFSA) 2019-27 with an overall critical score. The advisory contains CVE-2019-11746, CVE-2019-11744, CVE-2019-11752, CVE-2019-9812, CVE-2016-11743 and CVE-2019-11740, which include potentially exploitable crashes while manipulating video elements or extracting a key value in IndexedDB, and a sandbox escape through Firefox Sync.

Update Instructions:

  • IGEL OS 11: Update to IGEL OS 11.02.150 or newer.
  • IGEL OS 10: Update to IGEL OS 10.06.130 or newer.
  • IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible: https://kb.igel.com/igellinux/en/features-2275613.html

References

Mozilla Foundation Security Advisory 2019-27: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/