Updated July 18th, 2019
Mozilla released security updates to address a vulnerability in
Firefox and Firefox ESR that could allow attackers to take control of an
affected system.
The vulnerability is rated critical and is actively being exploited
in the wild. Mozilla called it “a type confusion vulnerability” that
occurs when manipulating JavaScript objects due to issues in Array.pop.
When exploited, the vulnerability can ultimately result in an
exploitable crash, according to a June 18 security notice.
The issue was addressed and patched in Firefox 67.0.3 and Firefox ESR 60.7.1. Those who are affected are advised to update their systems immediately.