The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the rendering engine, which are caused due to some characters being converted to angle brackets when displayed by the engine. Successful exploitation could allow remote attackers to inject arbitrary web script or HTML using (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters.