Full details are usually not given until an update is rolled out, and a lot of the user base has already had time to update to avoid any issues. I've talked about this a lot recently, but this is an example of when isolation of your computer using computer compartmentalization technology or by physically separating your computers from a insecure device, and a more secure device is important. If you have your computers physically separated, then the network could still be compromised if a browser goes haywire. Therefore, I think a software based approach would be the better option. You could run a level 2 virtual machines for your browser, network, and other software while remaining as safe as possible if one of them gets compromised. Firefox is probably the second most used browser on the internet, and millions of users were exposed to this vulnerability, and I'd agree with Ddmr how bad it is for a browser to get complete control of the operating system.
Its worth noting that you'll likely have to manually update Firefox, and double check after the update has finished whether or not you're running the version in the OP.
Seems like it was a known attack vector and being exploited in the wild for some time before the CVE came out.
This is concerning that attackers are having free roam with exploits for such a long time before anyone is even aware of them.
Mozilla need to up there game in the security department big time.
This is usually the case for most exploits. However, most exploits are used against specific targets, and won't be much of a threat to "normal" users. Unfortunately, there's no way of preventing this from happening, and vulnerabilities will always be found in software, especially in newly released updates. There's a lot of debate among software engineers whether you should update or stick with a older version a little longer than usual. This is why a lot of companies keep a up to date long term support option.
