moz_bug_r_a4 reports that the fix for
MFSA 2006-72 in Firefox 1.5.0.9 and Firefox 2.0.0.1
introduced a regression that allows scripts from web content
to execute arbitrary code by setting the src
attribute of an IMG
tag to a specially crafted
javascript: URI.
The same regression also caused javascript: URIs in
IMG
tags to be executed even if JavaScript
execution was disabled in the global preferences. This facet was
noted by moz_bug_r_a4 and reported independently by
Anbo Motohiko.
Thunderbird is not affected by this flaw as it will not execute
javascript: URIs in IMG
tags.
Upgrade to a version containing the fix. Disabling JavaScript does not protect against this flaw.