Announced 24 April 2020

Score: Critical

Two critical security issues affect the Firefox ESR web browser on

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Linux 5


Under certain conditions, when running the nsDocShell destructor (CVE-2020-6819) or when handling a ReadableStream (CVE-2020-6820), race conditions can cause a use-after-free. These vulnerabilities can be exploited to inject code into Firefox memory and execute it in the web browser’s context. Mozilla are aware of targeted attacks in the wild abusing these flaws.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.03.530 or newer.
  • IGEL OS 10: Update to IGEL OS 10.06.179 or newer.
  • IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible:


Mozilla Foundation Security Advisory 2020-11: