The host is installed with Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3 or SeaMonkey before 2.31 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle a addition of a second root element to an HTML5 document during parsing. Successful exploitation allows attackers to execute arbitrary code.