The host is installed with Mozilla Firefox before 34.0 or SeaMonkey before 2.31 and is prone to a DOM object restriction bypass vulnerability. A flaw is present in the applications, which fail to properly interact with XrayWrapper property filtering. Successful exploitation allows attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.