Bug is a critical ‘type confusion vulnerability’ that resides in the IonMonkey just-in-time (JIT) compiler of the Mozilla’s JavaScript engine SpiderMonkey. In general, a type confusion vulnerability occurs when the code doesn’t verify what objects it is passed to and blindly uses it without checking its type. The vulnerability was reported to Mozilla by cybersecurity researchers at Qihoo 360 ATA, who has also not yet released any information about their investigation, findings, and exploit.
Source: https://thehackernews.com/2020/01/firefox-cyberattack.html