Mozilla has pushed out an update to patch a analytical vulnerability in Firefox. It’s urging users to update as bound as accessible — and it’s joined in that admonishing by the US government.

Chinese cybersecurity firm Qihoo 360 appear the zero-day exploit. Mozilla claims to be aware of “targeted attacks in the wild abusing this flaw,” though it doesn’t say absolutely how it’s being abused. It describes the botheration as “Incorrect alias advice in IonMonkey JIT compiler for ambience array elements could lead to a type confusion.”

Even the Department of Homeland Security is urging users to update their Firefox browser to the latest version. The Cybersecurity and Infrastructure Security Agency (CISA) warns the flaw could be exploited to “take ascendancy of an afflicted system,” which absolutely sounds dire.

This is the third zero-day accomplishment Mozilla has patched in a year. Last June, one such attack, which was also declared as a “type abashing vulnerability,” allegedly targeted Coinbase users. A second flaw was patched a few days later. According to ZDNet, the zero-days were used by a hacking group in an attack to infect Coinbase staff via a spear-fishing email absolute links to awful sites.

This accepted accomplishment sounds just as bad, if not worse, so we echo the CISA admonishing to update your Firefox browser.

Read next: India's apex court says broad internet shutdowns breach rules - but Kashmir is still offline