Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update. This vulnerability is a sandbox escape vulnerability reported by Coinbase Security that allows attackers to escape from the browser’s protective sandbox. Chaining this vulnerability with the previously fixed vulnerability with another one was used as part of a phishing attack to drop and execute malicious payloads on victim’s machines. Users can manually check for new updates by going to the Firefox menu -> Help -> About Firefox and installing it.
Source: https://www.bleepingcomputer.com/news/security/mozilla-firefox-6704-fixes-second-actively-exploited-zero-day/