CVE-2018-5124

Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1.
Source: NIST
CVE-2018-5124