Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical and actively exploited severity vulnerability that could allow attackers to execute code or trigger crashes on vulnerable Firefox versions. The type confusion vulnerability tracked as CVE-2019-17026 impacts the web browser’s IonMonkey Just-In-Time (JIT) compiler and it occurs when incorrect alias information is fed for setting array elements. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert saying that “an attacker could exploit this vulnerability to take control of an affected system”””
Source: https://www.bleepingcomputer.com/news/security/mozilla-firefox-7201-patches-actively-exploited-zero-day/