firefox is vulnerable to Remote Code Execution(RCE). Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren’t accounting for external URLs. Data could then be potentially exfiltrated from the browser which allows an attacker to upload and execute malicious code on the system under attack.