Mozilla is "aware of targeted attacks in the wild abusing this flaw." In a statement provided to Engadget, a Mozilla spokesperson said, "on Tuesday, January 7, 2020, Chinese security firm Qihoo 360 reported a vulnerability that was used as part of targeted attacks on a local network. We started shipping Firefox updates to address this security vulnerability the next morning."

If this all sounds a bit familiar, that's likely because it's the third zero-day exploit Mozilla has patched in less than a year. Last summer, Mozilla found two critical bugs in less than a week's time. Both vulnerabilities were actively exploited.

We don't know exactly how the current vulnerability is being abused. But Mozilla says, "incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion." To be safe, you'll want to download Firefox 72.0.1 or ESR 68.4.1.