Mozilla today released an update for Firefox 58 that fixes a critical vulnerability and a security-related bug. The vulnerability was caused by unsanitized output in the browser's user interface and allowed attackers to execute arbitrary code.
A Mozilla developer discovered the vulnerability. Firefox for Android and Firefox 52 ESR were not vulnerable. The other issue occurred when using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products). In that case, Firefox 58.0 would fail to load pages.
The vulnerability and bug have been fixed in Firefox 58.0.1. Users can update to the new version through the automatic update feature or through Mozilla.org.
Mozilla also mentions two unresolved issues in the changelog of Firefox 58.0.1. When users run Firefox for Windows over a Remote Desktop Connection (RDP), audio playback is disabled due to increased security restrictions. Mozilla has a page on its website with a workaround.
Another issue occurs when running certain screen readers. Users of these screen readers may experience performance issues and are therefore advised to use Firefox ESR until the issues are resolved in an upcoming release.