Mozilla Monday released a security update to patch a critical flaw in Firefox which could allow an attacker to take control of the affected system.

The vulnerability, CVE-2016-9078, only affects Firefox 49 and 50 and was patched in version 50.0.1 and could allow a URL to inherit the wrong origin after an HTTP redirect, according to a Nov. 28 security advisory.

“This can result in same-origin violations against a domain if it loads resources from malicious sites,” the advisory said. “Cross-origin setting of cookies has been demonstrated without the ability to read them.”

Anyone using an infected system is encouraged to update as soon as possible. Earlier this month, Mozilla released a number of security fixes affecting two of its Firefox browsers - the widely used consumer edition, v50, and ESR 45.5, intended for enterprises which manage client desktops.