This bug is a use-after free vulnerability tied to the browser component “nsDocShell destructor”. The Firefox nsDocShell is a client of the nsI-HttpChannel API, a function of the browser related to reading HTTP headers.
The attackers are targeting the Firefox browser component ReadableStream, an interface of the Streams API. The Streams API is “responsible for breaking a resource that you want to receive over a network down into small chunks,”
These vulnerabilities are currently being exploited in the wild.
Arbitrary code execution
Update to fixed versions.
Firefox 74.0.1 and Firefox ESR 68.6.1