The host is installed with Mozilla Firefox before 45.0, Firefox ESR 38.x before 38.7 or Mozilla Thunderbird 38.x before 38.7 and is prone to a denial of service vulnerability. A flaw is present in the nsScannerString::AppendUnicodeTo function in Mozilla Firefox, which fails to handle a crafted Unicode data in an HTML, XML, or SVG document. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read).