Mozilla patches unsanitised output flaw in Firefox

Mozilla patched an unsanitised output flaw in its Firefox browser user interface that could lead to arbitrary code execution.

The problem could allow an attacker to take control of an infected system by means of arbitrary code execution, according to the 29 January advisory.

The issue was fixed in Firefox 58.0.1 and doesn't affect Firefox for Android or Firefox 52 ESR. Last month, Mozilla issued a series of security updates for Thunderbird 52.5.2 that included a critically rated buffer overflow issue that could lead to a crash if exploited.

The update also patched two high-rated security issues: one made it possible to execute JavaScript in a parsed RSS feed if the feed is viewed as a website, and another allowed specially crafted Cascading Style Sheets (CSS) in an RSS feed to leak or reveal local path strings, which could include a user name.