Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
https://www.mozilla.org/security/advisories/mfsa2020-04/
https://www.mozilla.org/security/advisories/mfsa2020-03/
https://usn.ubuntu.com/4335-1/