ISN 2020-01: Firefox ESR vulnerability

Announced 15 January 2020

Score: Critical

A critical security issue affects the Firefox ESR web browser on:

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Linux 5

Details

Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to a type confusion (memory vulnerability). Mozilla is aware of targeted attacks in the wild abusing this flaw (CVE-2019-17026).

Update instructions:

  • IGEL OS 11: Update to IGEL OS 11.03.110 or newer.
  • IGEL OS 10: Update to IGEL OS 10.06.170 or newer.
  • IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible: https://kb.igel.com/igellinux/en/features-2275613.html
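
To apply these instructions across a fleet, the following added example (not IGEL code) triages a device inventory against the fixed versions listed above. The CSV layout, host names and sample firmware values are constructed assumptions; only the two fixed version numbers come from this advisory.

```python
import csv
import io

# First fixed firmware per product, from the advisory's update instructions.
FIXED = {"IGEL OS 11": (11, 3, 110), "IGEL OS 10": (10, 6, 170)}
# No fixed firmware exists for this product; the advisory recommends
# removing the web browser feature instead.
NO_FIX = {"IGEL Linux 5"}

# Constructed sample inventory. Column names, hosts and firmware values
# are hypothetical; adapt them to your own asset export.
SAMPLE = """host,product,firmware,browser_feature
tc-001,IGEL OS 11,11.03.110,yes
tc-002,IGEL OS 11,11.02.150,yes
tc-003,IGEL OS 10,10.06.170.01,yes
tc-004,IGEL OS 10,10.05.800,yes
tc-005,IGEL Linux 5,5.13.100,yes
tc-006,IGEL Linux 5,5.13.100,no
tc-007,IGEL OS 11,n/a,yes
"""

def parse_version(text):
    """'11.03.110' -> (11, 3, 110); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(product, firmware, browser_feature):
    """Return 'ok', 'update', 'remove-browser' or 'unknown' for one device."""
    if product in NO_FIX:
        # Assumption: a device without the browser feature is not exposed.
        return "remove-browser" if browser_feature.strip().lower() == "yes" else "ok"
    if product not in FIXED:
        return "unknown"
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown"  # unreadable version: check the device by hand
    # Tuple comparison is numeric per field, so 11.03.110.01 >= 11.03.110.
    return "ok" if current >= FIXED[product] else "update"

def audit(csv_text):
    """Triage every row of an inventory CSV; returns [(host, status), ...]."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], triage(r["product"], r["firmware"], r["browser_feature"]))
            for r in rows]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Devices reported as "unknown" have a product or firmware string the script could not interpret and need a manual check.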

References

Mozilla Foundation Security Advisory 2020-03: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

Last update: January 15, 2020