The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects when the XMLHttpRequestSpy module in the Firebug add-on is used. Successful exploitation could allow remote attackers to execute arbitrary JavaScript via a crafted HTTP response.