The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.
Read more here – https://support.mozilla.org/en-US/kb/update-firefox-latest-version
Update Firefox to the latest version – https://support.mozilla.org/en-US/kb/update-firefox-latest-version