Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability of which could allow remote attackers to execute malicious code on computers running an affected type of the browser.
The update comes just a week after the company rolled out its brand new Firefox Quantum browser, a.k.a Firefox 58, with some brand new features like improved upon graphics engine as well as performance optimizations as well as patches for more than 30 vulnerabilities.
According to a security advisory published by Cisco, Firefox 58.0.1 addresses an ‘arbitrary code execution’ flaw of which originates due to ‘insufficient sanitization’ of HTML fragments in chrome-privileged documents (browser UI).
Hackers could exploit This particular vulnerability (CVE-2018-5124) to run arbitrary code on the victim’s computer just by tricking them into accessing a link or ‘opening a file of which submits malicious input to the affected software.’
“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely,” the advisory states.
This particular could allow an attacker to install programs, create brand new accounts with full user rights, as well as view, change or delete data.
However, if the application has been configured to have fewer user rights on the system, the exploitation of This particular vulnerability could have less impact on the user.
Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), as well as 58 (.0). The vulnerability has been addressed in Firefox 58.0.1, as well as you can download by the company’s official website.
The issue, which was discovered by Mozilla developer Johann Hofmann, does not affect Firefox browser for Android as well as Firefox 52 ESR.
Users are recommended to apply the software updates before hackers exploit This particular issue, as well as avoid opening links provided in emails or messages if they appear by suspicious or unrecognized sources.
Administrators are also advised to use an unprivileged account when browsing the Internet as well as monitor critical systems.