Details are available from Mozilla, NewsForge, Full Disclosure, and Bugzilla.
The patch (released a day after the vulneurability was noticed) is 1kb, available from the above link or from Mozilla Update. You can also install new point releases of Mozilla Suite, Firefox, and Thunderbird. Make sure you restart your browser after installing the patch.