According to the Mozilla Foundation, the vulnerability was posted on Thursday to Full Disclosure, a public security mailing list. The same day, the foundation's security team confirmed the report and developed a fix. On Friday, the Mozilla team released a configuration change that resolves the problem by explicitly disabling the use of the shell external protocol handler. . . .
According to the Mozilla Foundation, the vulnerability was posted on Thursday to Full Disclosure, a public security mailing list. The same day, the foundation's security team confirmed the report and developed a fix.

On Friday, the team released a configuration change that resolves the problem by explicitly disabling the use of the shell external protocol handler. Instructions on administering the patches can be found on the foundation's site.
The organization has noted that it will continue efforts to release secure products and respond quickly when security vulnerabilities are identified in its software.

It has also announced that future versions of Mozilla Firefox will include automatic update notifications, which will make it easier for users to be alerted to security fixes.