The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle XUL document. Successful exploitation allows remote attacker to execute arbitrary code.