The host is missing a critical security update according to Mozilla advisory, MFSA-2015-42. The update is required to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. Successful exploitation could allow attackers to execute arbitrary JavaScript code with chrome privileges.