The update, Firefox 184.108.40.206, also patches a privilege escalation vulnerability.
Current users of Firefox 2 will receive an update notice. Others can download it from the Mozilla site.
Although the patches released on Tuesday should eliminate the known vulnerabilities, Mozilla also recommends that the following workaround be added to release 220.127.116.11. To make mail-related links always prompt in Firefox before launching external programs, do the following:
Enter "about:config" in the location bar.
Enter "warn-external" in the filter: box.
Double click to set the mailto, news, nntp, and snews lines to "true".