The Department of Homeland Security is urging Firefox users to update their browsers. The rare warning was issued earlier this week, after Mozilla released two critical security updates. According to the Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability could allow hackers to "take control of an affected system."
Mozilla is "aware of targeted attacks in the wild abusing this flaw." In a statement provided to Engadget, a Mozilla spokesperson said, "on Tuesday, January 7, 2020, Chinese security firm Qihoo 360 reported a vulnerability that was used as part of targeted attacks on a local network. We started shipping Firefox updates to address this security vulnerability the next morning."
If this all sounds a bit familiar, that's likely because it's the third zero-day exploit Mozilla has patched in less than a year. Last summer, Mozilla found two critical bugs in less than a week's time. Both vulnerabilities were actively exploited.
We don't know exactly how the current vulnerability is being abused. But Mozilla says, "incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion." To be safe, you'll want to download Firefox 72.0.1 or ESR 68.4.1.
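A fleet check against the two fixed versions named above, as an added example that is not code from Mozilla or CISA. It assumes version strings in the form printed by `firefox --version` (for example `Mozilla Firefox 68.4.1esr`), treats any string containing "esr" as the ESR channel, and runs on a constructed inventory with placeholder host names.

```python
import re

# Fixed versions named in the article, keyed by update channel.
FIXED = {"release": (72, 0, 1), "esr": (68, 4, 1)}

def parse_version(text):
    """Return (channel, (major, minor, patch, ...)) or None if unparseable.

    Assumption: ESR builds carry "esr" in the string, as in the
    "Mozilla Firefox 68.4.1esr" form printed by `firefox --version`.
    """
    match = re.search(r"\d+(?:\.\d+)*", text)
    if match is None:
        return None
    parts = tuple(int(p) for p in match.group().split("."))
    parts += (0,) * (3 - len(parts))          # "72.0" -> (72, 0, 0)
    channel = "esr" if "esr" in text.lower() else "release"
    return channel, parts

def needs_update(text):
    """True if older than the fixed version for its channel, False if not,
    None when no version could be parsed (report it, do not assume safe)."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    channel, parts = parsed
    return parts < FIXED[channel]

def audit(inventory):
    """Split {host: version string} into (outdated, unknown) host lists."""
    outdated, unknown = [], []
    for host, text in sorted(inventory.items()):
        verdict = needs_update(text)
        if verdict is None:
            unknown.append(host)
        elif verdict:
            outdated.append(host)
    return outdated, unknown

# Constructed sample inventory; host names are placeholders.
SAMPLE = {
    "host-a": "Mozilla Firefox 72.0.1",
    "host-b": "Mozilla Firefox 72.0",
    "host-c": "Mozilla Firefox 68.4.1esr",
    "host-d": "Mozilla Firefox 68.3.0esr",
    "host-e": "Mozilla Firefox 68.0.2",      # release channel, not ESR
    "host-f": "unknown",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The channel matters for the comparison: a release-channel 68.x build is measured against 72.0.1, while an ESR 68.x build is measured against 68.4.1.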