The host is installed with Mozilla Firefox before 3.6.18 or Thunderbird before 3.1.11 and is prone to use-after-free vulnerability. A flaw is present in the applications which fails to properly handle user-supplied callback. Successful exploitation allows remote attacker to execute arbitrary code and cause a denial of service.