Monitoring service Securityview today confirmed the flaw, present in Firefox version 126.96.36.199.
"As a result, many mail windows will be opened, and the system will become unresponsive," SANS said.
As users await a patch, the group recommended configuring the email application so it does not start up automatically.
"Now, whenever you click on a mailto: link, you will first be asked if you would like to start your email application," SANS said. "In the case of this exploit, this will keep your system responsive, even though you may still have to click on all the dialogs."
As of this afternoon, Firefox had not released an advisory on the vulnerability.