Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption that we presume is exploitable.
Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail.
Disable Javascript until you can upgrade to a fixed version.
Removing nested <option>s from a select (Jesse Ruderman)
Crashes during DOMNodeRemoved mutation event
Content-implemented tree views can corrupt memory (Boris Zbarsky)
Memory corruption involving BoxObjects (Boris Zbarsky, Neil Rashbrook, Georgi Guninski)
XBL implementation doesn't root temporaries correctly (L. David Baron)
crash with iframe removing itself (Georgi Guninski)
potential integer overflow in jsstr tagify (Georgi Guninski)