Dec. 1 2016: as of about 2:30PM PST yesterday, Mozilla had posted an update 50.0.2 to the Firefox browser to fix the 0-day vulerability. Users can download the new browser from https://www.mozilla.org/en-US/firefox/new/?f=94 .
The vulnerability is exploited via compromised websites, so if you still have firefox installed, as long as you don’t try browsing to any websites you can run it. If you have the Firefox maintenance service configured, it has probably already run the update. You can check by runing Firefox -but don’t browse any websites! – pull down the “hamburger menu” – the three stacked horizontal lines icon in the upper right corner, then click the circle with the question mark in the lower right corner of the drop-down menu, then click “About Firefox” – you’ll get a new little window that among other things will list the version right underneath the large word “Firefox” If it’s been updated, it will show the number “50.0.2”.
If it shows 50.0.1 or anything less, it hasn’t been updated. Kill the “About” window, then click the menu icon again. Pick “options” (the gear icon) which will open the options page. Pick “advanced” from the menu in the left column, then pick update from the horizontal menu near the top. Make sure the “Automatically install” radio button is checked, then leave Firefox alone for a few hours to let it update.
Alternatively, and probably the most sure-fire way to get it updated, is to download the fresh installer from the link above, and install the new version directly.