The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to security bypass vulnerability. A flaw is present in Java security handling, which fails to properly process certain redirections involving data: URLs and Java LiveConnect scripts. Successful exploitation could allow remote attackers to receive elevated privileges to start processes, read arbitrary local files and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element.