Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch an actively exploited and critical severity vulnerability which could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions. […]

from https://www.bleepingcomputer.com/news/security/mozilla-firefox-6703-patches-actively-exploited-zero-day/