Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4,
executes a mail application in situations where an IMG element has a SRC
attribute that is a redirect to a mailto: URL, which allows remote attackers to
cause a denial of service (excessive application launches) via an HTML document
with many images.