The company had issued an update in December to tackle a JavaScript bug in Firefox, SeaMonkey and the Thunderbird email client.
However, that patch generated another vulnerability that could allow JavaScript code from web content to execute arbitrary code on to the user’s computer, Mozilla said in a security advisory.
The open-source software company is urging users to download Firefox version 1.5.0.10 or 2.0.0.2 and SeaMonkey version 1.1.1 or 1.0.8.
Thunderbird is not affected by the latest vulnerability, according to Mozilla.