Mozilla Foundation Security Advisory 2011-20
Title: Use-after-free vulnerability when viewing XUL document with script disabled
Announced: June 21, 2011
Reporter: Martin Barbella
Products: Firefox, Thunderbird, SeaMonkey
Fixed in: Firefox 5
XUL document support was disabled by default in Firefox 4 and SeaMonkey 2.1 and users of those versions are not generally at risk. It is possible for add-ons to re-enable the feature for specific sites (for example, to support a legacy intranet XUL application) which would have introduced this vulnerability while browsing those sites.