Blog | G5 Cyber Security

Critical Firefox Vuln Used in Targeted Attacks

The type confusion vulnerability (CVE-2019-11707) can occur when manipulating JavaScript objects due to issues in Array.pop. The vulnerability has been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1.1. The researcher who discovered the flaw, Samuel Groß of Google Project Zero and Coinbase Security, stated on Twitter: “The bug can be exploited for RCE but would then need a separate sandbox escape. However, most likely it can also be exploited for UXSS which might be enough depending on the attacker’s goals.”

Source: https://www.darkreading.com/attacks-breaches/critical-firefox-vuln-used-in-targeted-attacks
