The host is missing a security update according to MFSA 2012-95. The update is required to fix arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle a javascript: URL in a bookmark. Successful exploitation allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.