Mozilla released Firefox 10.0.1, Firefox ESR 10.0.1, Thunderbird 10.0.1, Thunderbird ESR 10.0.1 and SeaMonkey 2.7.1 to fix a single critical security hole in the browsers and mail clients which appeared in version 10.
The security advisory said versions previous to Firefox 10, Thunderbird 10 and Seamonkey 2.7 are unaffected by the use after free problem.
Mozilla developers discovered the issue, which causes a “potentially exploitable” crash in nsXBLDocumentInfo::ReadPrototypeBindings.
Updates are available through Firefox, Thunderbird and SeaMonkey’s automatic update system and can also install by bringing up the “About” dialogue for the relevant application and selecting the “Apply Upgrade” button when it appears. Firefox and Thunderbird 10 released at the end of January.
The updates are also available for the new ESR (Extended Support Release) versions of the browser and email client, Firefox ESR and Thunderbird ESR which are currently in their “qualification” phase.