====================================================================

                             CERT-Renater

                 Note d'Information No. 2018/VULN041
_____________________________________________________________________

DATE                : 30/01/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 58.0.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2018-05
Arbitrary code execution through unsanitized browser UI


ANNOUNCED    January 29, 2018
REPORTER     Johann Hofmann
IMPACT       CRITICAL
PRODUCTS     Firefox
FIXED IN     Firefox 58.0.1


Description

Mozilla developer Johann Hofmann reported that unsanitized output in
the browser UI can lead to arbitrary code execution.

This issue did not affect Firefox for Android or Firefox 52 ESR.


References

Sanitize HTML fragments created for chrome-privileged documents
(CVE-2018-5124)

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================