Mozilla does not say if attacker can runs his malicious code, but due to marketed this vulnerability as critical, it is possible, because according to US-CERT’s report, attacker can take control of an affected system.
Mozilla said that this vulnerability is already abused on the Internet and you should update your Firefox browser as soon as possible. Fixed browser’s versions are 67.0.3 and ESR 60.7.1.
Update is already distributed via automatic update. If something is not working, you can download updates from Mozilla’s website.