[UPDATE: 2015-08-11. Today Mozilla released Firefox v40.0, available HERE.]
[Firefox ESR is the Extended Support Release version, typically used by large organizations who need its special update features and reliability.]
Further details about the exploit are available from the Mozilla Security Blog.
Update to Firefox v39.0.3 (or higher) for regular users. Enterprise Firefox users can update to ESR v38.1.1 (or higher). Firefox OS users can update to v2.2.
~ ~ ~ ~ ~
One of them is also being exploited in the wild as a method of infecting Macs with adware and crapware. It is generically called the DYLD_PRINT_TO_FILE exploit.
Another pair of security flaws are called 'Thunderstrike' and 'Thunderstrike 2' rootkits. They involve infecting Mac EFI firmware with malware. Apple has been progressively patching these two problems since 10.10.2, but has not yet entirely blocked them.
The last of the currently prominent security flaws allows hacking the Keychain on both OS X and iOS to steal user passwords. This flaw further implicates problems in Apple's app sandbox system and their security vetting of iOS apps for the iOS App Store. Apple has known about this set of flaws since October 2014 and has so far neglected to patch them.
It is assumed at this time that Apple will patch this group of security flaws in OS X 10.10.5 Yosemite. So keep an eye out for it in the very near future. If you find it annoying and dangerous that Apple has been sitting on these OS X and iOS security flaws for a considerable amount of time, you're not alone!