Mozilla released an emergency Firefox update to fix a critical remote execution vulnerability that was actively used in targeted attacks in the wild. The employees of cryptocurrency firms were the target of an attack utilizing a recent Firefox zero-day and malware payloads in order to gain access to victim’s computers, networks, and sensitive information. The attack was most likely initiated by a phishing email that led to sites that acted as a gateway. When a visitor accessed these sites, they would be redirected to another page that would utilize the Firefox exploits to drop malicious payloads on the computer.
Source: https://www.bleepingcomputer.com/news/security/firefox-0-day-used-in-targeted-attacks-against-cryptocurrency-firms/