Mozilla released security updates to address a vulnerability in Firefox and Firefox ESR that could allow attackers to take control of an affected system.

The vulnerability is rated critical and is actively being exploited in the wild. Mozilla called it “a type confusion vulnerability” that occurs when manipulating JavaScript objects due to issues in Array.pop. When exploited, the vulnerability can ultimately result in an exploitable crash, according to a June 18 security notice.

The issue was addressed and patched in Firefox 67.0.3 and Firefox ESR 60.7.1. Those who are affected are advised to update their systems immediately.