I would add, based on my reading of the exploit, that you would have had to visit the FH main onion address, the Tormail web site, and perhaps some specific CP sites hosted on FH. The exploit set a cookie and had to be run from each site you visited to update your Tor Browser cookies with a specific ID. I haven't seen any evidence that they served the exploit on all onion addresses that were hosted on FH. I think the bigger issue for this community is all the intel they are going to gather from unencrypted Tormail messages.