Announced 24 April 2020

Score: Critical

Two critical security issues affect the Firefox ESR web browser on:

  • IGEL OS 11
  • IGEL OS 10
  • IGEL Linux 5

Details

Under certain conditions, when running the nsDocShell destructor (CVE-2020-6819) or when handling a ReadableStream (CVE-2020-6820), race conditions can cause a use-after-free. These vulnerabilities can be exploited to inject code into Firefox memory and execute it in the web browser’s context. Mozilla are aware of targeted attacks in the wild abusing these flaws.

Update Instructions

  • IGEL OS 11: Update to IGEL OS 11.03.530 or newer.
  • IGEL OS 10: Update to IGEL OS 10.06.179 or newer.
  • IGEL Linux 5: This version does not have the space required for the Firefox ESR update. IGEL recommends removing the web browser feature if possible: https://kb.igel.com/igellinux/en/features-2275613.html

References

Mozilla Foundation Security Advisory 2020-11: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/