The host is installed with Mozilla Firefox before 3.6.20 or Thunderbird 3.x before 3.1.12 and is prone to a privilege escalation vulnerability. The flaws are present in the applications, which allow remote attackers to gain chrome privileges by establishing a content area and registering for drop events. Successful exploitation could allow attackers to execute arbitrary code.