A security issue was identified and fixed in mozilla firefox: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand function while internal editor operations are occurring. This could allow for arbitrary code execution . The mozilla firefox packages has been upgraded to the latest ESR version which is unaffected by this security flaw.