Mozilla has pushed out an emergency patch for the Firefox browser on all platforms, fixing a zero-day vulnerability that is being exploited in real-life attacks.
The flaw, given the catalog number CVE-2019-11707, affects all currently supported versions of Firefox, which are Firefox 67.0 through 67.0.2, as well as Firefox ESR (Extended Support Release) 60.0 through 60.7.0, according to a Czech vulnerability database.
Firefox versions 57 through 66 are presumably vulnerable as well, though it's not yet clear whether versions 56 and earlier, which used different rendering and extensions technologies than the current Firefox browser, are also affected.
Users should update to Firefox 67.0.3 or Firefox ESR 60.7.1. On a Windows PC or a Mac, exiting the browser application and then reopening the application should prompt an update. Android and iOS apps will prompt you to update eventually, but you can update now by going to the Firefox page in either platform's app store. Linux users are at the mercy of their distributions.