Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser.
The update comes just a week after the company rolled out its new Firefox Quantum browser, a.k.a Firefox 58, with some new features like improved graphics engine and performance optimizations and patches for more than 30 vulnerabilities.
According to experts, Firefox 58.0.1 addresses an 'arbitrary code execution’ flaw that originates due to 'insufficient sanitization' of HTML fragments in chrome-privileged documents (browser UI).
Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim's computer just by tricking them into accessing a link or 'opening a file that submits malicious input to the affected software.'
This could allow an attacker to install programs, create new accounts with full user rights, and view, change or delete data.
However, if the application has been configured to have fewer user rights on the system, the exploitation of this vulnerability could have less impact on the user.
Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0). The vulnerability has been addressed in Firefox 58.0.1, and you can download from the company's official website.
The issue does not affect Firefox browser for Android and Firefox 52 ESR.