Mozilla has fixed a critical flaw in Firefox that could allow a remote attacker to execute arbitrary code on a targeted device.
An attacker could exploit the vulnerability by persuading a user to access a link or file that then submits malicious input to the affected software, according to a security advisory from Cisco.
A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.
According to Cisco, the vulnerability occurs due to "insufficient sanitization" of HTML fragments in chrome-privileged documents by the affected software.
Mozilla describes chrome, which here does not mean Google Chrome, as any visible aspect of a browser aside from the webpages themselves.
To exploit the flaw, hackers might use misleading language or instructions to persuade a targeted user to open a specially crafted file.
Mozilla has released an update, Firefox 58.0.1, which fixes the flaw. Mozilla said Firefox for Android and Firefox 52 ESR are not affected by the vulnerability.
Cisco said administrators should apply the appropriate software updates, and users should not open email messages from suspicious or unrecognized sources. Users with admin rights should use an account without those privileges when browsing the internet.
"If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them," the advisory said.