Scary shit (if you’re on Windows, which is already scary in its own right)
Apparently re-using a 2013 (slightly modified) shellcode
There’s a link to a version of the code cleaned up a little further: https://gist.github.com/kristovatlas/e03be5f10e48801aec88b0e23f00a3d7
There’s a Tor Browser update out now but no Firefox update yet. The bug effects Firefox on every platform but the posted exploit code only works on Windows.
Remember when everyone used Firefox because it was more secure than the competition. Those were good times.