A remote code execution vulnerability has been discovered in Mozilla Firefox. The flaw affects Firefox prior to 67.0.4 and Firefox ESR prior to 60.7.2. The defect is due to how parameters passed with the Prompt:Open IPC message are vetted. Successful exploitation could allow an attacker to escape from the Firefox protected process and execute arbitrary code. The vulnerability is actively being exploited in the wild.