The Mozilla Foundation reported on Monday that a critical JavaScript bug in the Firefox browser and in the SeaMonkey Internet application suite could allow a malicious Web site to inject arbitrary code into a vulnerable PC.
The bug was inadvertently brought into being by an earlier fix that came out in December 2006. That fix regressed the code so that the applications now allow Web scripts to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted JavaScript: URI.
Disabling JavaScript won’t save you, since the regression also causes the URIs in IMG tags to execute even if JavaScript execution has been disabled in preferences.
The Thunderbird e-mail client isn’t affected by the flaw. Affected versions are Firefox 1.5.0.9/2.0.0.1 and SeaMonkey 1.0.7.
Mozilla has a fix out and is recommending that users upgrade. The Firefox upgrade is here, and the SeaMonkey upgrade is here.