Firefox and Firefox ESR users should move quickly to the latest versions. They include security fixes that protect against data theft and code execution by an attacker, among other things.
Several vulnerabilities in Firefox and Firefox ESR (version for Windows XP) allow attackers, under certain circumstances, to spy on information, carry out cross-site scripting attacks, and execute arbitrary code with the rights of the browser. According to Mozilla's current security notes, all versions of Firefox before 57 (aka Quantum) and all versions of Firefox ESR before the current 52.5 release are affected.
Of the 15 security holes closed in total, the Firefox developers rate three as “critical” and one as “high”. They categorize the other eleven as “low” to “medium”. The assessment by the BSI's emergency team, CERT-Bund, is somewhat different: it consistently classifies the risk from the gaps as “very high”.