Update: Firefox has issued a new version, 50.0.2, that corrects this issue.
Wordfence, a security site focused on WordPress.org sites, has published an emergency bulletin recommending a temporary switch to Chrome, Safari, or other non-Firefox based browser that is secure until the Firefox dev team can release an update. There is a “day zero vulnerability” that allows an attacker to control Windows systems with a high success rate affecting Firefox versions 41 to 50.
SecurityWeek reports that the vulnerability can also affect the Mac OS, but there are no current exploits observed in the wild targeting that OS.
Wordfence keeps pretty current with security news and this is the first time I have seen them release an emergency bulletin.
The Twitter account @dguido from TrailOfBits.com is listed as a source for the information in these two articles.
Update: ZDNet has now picked up the story with additional information about Mozilla’s response.