Yesterday Mozilla made available unscheduled security updates for Firefox 40 and Firefox ESR (Extended Support Release) 38.2.
These updates resolve 2 CVEs (CVE, defined) (1x critical severity, 1x high severity). The high severity issue concerned a possible means of forging the site from which a Firefox add-on was being installed, together with an issue where the permission prompt that is supposed to appear before an add-on is installed would not do so. This could have been used to deceive a user into trusting an add-on more than they should (since the add-on would appear to come from a trusted site) and could have allowed malicious add-ons to be installed without permission.
The critical issue being addressed was a use-after-free vulnerability (use-after-free, defined) that was reported to Mozilla by 2 distinct sources.
Further details of these updates (and the issues mentioned above) are available for Firefox 40.0.3 and Firefox ESR 38.2.1. If Firefox is installed on any computer that you use, please install the appropriate updates as soon as possible. Details of how to install updates for Firefox are here.
Mozilla Firefox updates generally install without issues; however, as always, I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.