Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

The security advisory is rated critical and patches a vulnerability which allows a web worker in Private Browsing mode to write IndexedDB data and a vulnerability which allows visited history information to leak through SVG images, according to a Nov 29 advisory.

The first vulnerability ,CVE-2017-7843, is enabled when Private Browsing mode is enabled and allows a web worker to write persistent data to IndexedDB while fingerprinting a user uniquely.

The second vulnerability, CVE-2017-7844, is caused by a combination of an external SVG image referenced on a page and the coloring of anchor links stored within and image that can be used to determine which pages a user has in their history allowing a malicious website to query user history