The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7, or Mozilla SeaMonkey before 2.0.11 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to validate downloadable fonts before use within an operating system's font implementation. Successful exploitation could let remote attackers to execute arbitrary code using vectors related to @font-face Cascading Style Sheets (CSS) rules.