Mozilla Patches Critical Arbitrary Code Execution Through Unsanitized Browser UI Bug
Mozilla fixed a critical security vulnerability in its Firefox browser that could lead to arbitrary code execution. The company announced addressing it in Firefox 58.0.1. In its advisory, the Foundation added that the issue did not affect users on Firefox for Android or Firefox 52 ESR.
Mozilla fixes unsanitized output flaw with Firefox 58.0.1
“Mozilla developer Johann Hofmann reported that unsanitized output in the browser UI can lead to arbitrary code execution,” the company wrote in its security advisory. The company has now fixed this unsanitized output vulnerability in Firefox that could have allowed an attacker to take control of an affected system using arbitrary code execution.
Firefox version 58.0.1 was first offered to Release channel users yesterday, on January 29. The version at the time of the release only carried one note about fixing a critical issue on Windows machines that causes page load failures in the browser.
When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages.
While patching critical security flaws, even the latest version remains prone to some issues, including an audio playback problem experienced by Firefox users running Windows over a Remote Desktop Connection (RDP).
You can manually update to the latest version from menu > Help > About Firefox. Alternatively, here are the direct download links: Firefox 58.0.1 for Windows (64-bit) |Firefox 58.0.1 for Linux (64-bit) |Firefox 58.0.1 for macOS