Security researcher Nils discovered a use-after-free error
in which the imgLoader
object is freed while an image is being
resized. This results in a potentially exploitable crash.
In general this flaw cannot be exploited through email in the Thunderbird and Seamonkey products because scripting is disabled, but is potentially a risk in browser or browser-like contexts.