The Mozilla Foundation has published a fix for a ‘critical’ JavaScript vulnerability in the Firefox browser and the SeaMonkey application suite.

The fix targets Firefox versions and, as well as SeaMonkey versions 1.1.1 and 1.0.8. An earlier fix for a JavaScript problem allowed scripts from web content to execute arbitrary code, the Mozilla Foundation said in a security update.

The vulnerability allowed uniform resource identifiers, or URIs, in image tags to be executed even if JavaScript was disabled in the program preferences, Mozilla said. Disabling JavaScript does not protect against the flaw, so the foundation recommended that users upgrade the applications to new versions.

Mozilla's Thunderbird email client was not affected by the vulnerability, it said.