Updated 1st July 2022 (IGEL OS 11.07.170 available)
First published 24th June 2022
CVSS 3.1 Critical
CVSS:3.1 n/a
Summary
Critical vulnerabilities have been found in the Firefox ESR browser. This affects the following IGEL products:
IGEL OS 11
IGEL OS 10
Details
It has been discovered that an attacker who could corrupt the methods of an Array object in JavaScript via prototype pollution could execute attacker-controlled JavaScript code in a privileged context (CVE-2022-1802). In addition, an attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process (CVE-2022-1529). Both issues are considered critical.
Update instructions
IGEL OS 11: Update to IGEL OS 11.07.170, which contains Firefox ESR 91.9.1.
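The Details section describes message contents being used to double-index into a JavaScript object. The following added example shows that general bug class beside a hardened form, for anyone reviewing similar message handlers. It is constructed illustration code, not Firefox or IGEL code; `unsafeSet`, `safeSet`, `makeStore` and the message fields `outer`, `inner` and `value` are hypothetical names.

```javascript
// Added illustration of the bug class; constructed code, not Firefox source.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

// Vulnerable pattern: both keys come straight from an untrusted message.
// With outer === "__proto__", store[outer] resolves to Object.prototype.
function unsafeSet(store, msg) {
  store[msg.outer][msg.inner] = msg.value;
}

// Hardened store: null-prototype objects inherit no __proto__ accessor.
function makeStore(sections) {
  const store = Object.create(null);
  for (const name of sections) store[name] = Object.create(null);
  return store;
}

// Hardened setter: string keys only, prototype-related names rejected,
// and the outer key must be an own property of the store.
function safeSet(store, msg) {
  const { outer, inner, value } = msg;
  if (typeof outer !== "string" || typeof inner !== "string")
    throw new TypeError("keys must be strings");
  if (FORBIDDEN.has(outer) || FORBIDDEN.has(inner))
    throw new RangeError("reserved key");
  if (!Object.prototype.hasOwnProperty.call(store, outer))
    throw new RangeError("unknown section");
  store[outer][inner] = value;
}

function demo() {
  // Constructed sample message, as an untrusted sender might supply it.
  const hostile = { outer: "__proto__", inner: "polluted", value: true };
  const out = {};

  unsafeSet({ prefs: {} }, hostile);
  out.objectPolluted = ({}).polluted === true; // unrelated objects now inherit it
  out.arrayPolluted = [].polluted === true;    // arrays inherit from Object.prototype too
  delete Object.prototype.polluted;            // undo the pollution before continuing

  const store = makeStore(["prefs"]);
  try { safeSet(store, hostile); out.safeRejected = false; }
  catch (e) { out.safeRejected = e instanceof RangeError; }
  out.afterSafe = ({}).polluted === true;

  safeSet(store, { outer: "prefs", inner: "theme", value: "dark" });
  out.legit = store.prefs.theme;
  return out;
}
```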