
Mozilla patches unsanitized output flaw in Firefox

Mozilla patched an unsanitized output flaw in its Firefox browser user interface that could lead to arbitrary code execution.

The problem could allow an attacker to take control of an affected system by means of arbitrary code execution, according to the Jan. 29 advisory.

The issue was fixed in Firefox 58.0.1 and doesn't affect Firefox for Android or Firefox 52 ESR. Last month, Mozilla issued a series of security updates for Thunderbird 52.5.2 that included a critically rated buffer overflow issue that could lead to a crash if exploited.

The update also patched two high-rated security issues: one made it possible to execute JavaScript in a parsed RSS feed if the feed is viewed as a website, and the other allowed specially crafted Cascading Style Sheets in an RSS feed to leak or reveal local path strings, which could include a user name.
