Firefox developers said they are aware of “reports of attacks in the wild” actively exploiting these vulnerabilities.
“We’ve had reports of in-the-wild attacks abusing these flaws,” Mozilla said.
Both zero-day vulnerabilities are “use-after-free” bugs, that is, when a program attempts to use memory that has been previously cleared.
When hackers exploit this type of bug, it can cause the program to crash, allowing commands to be executed on the device without permission, reports Bleeping Computer.
“These bugs are critical because they could allow a remote attacker to execute almost any command, including downloading malware to provide additional access to the device,” the report said on Sunday evening.
The company strongly recommended that Firefox users update their browsers immediately.
Mozilla recently fixed nine of 10 bugs affecting its software within 90 days of the initial report.
It also took an average of 46 days to fix bugs, compared to Google’s 44 days, Apple’s 69 days and Microsoft’s 83 days, ZDNet reports.