The host is installed with Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 or Mozilla SeaMonkey before 2.0.11 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle injection of an ISINDEX element into an about:blank page which upon submission would redirect to a chrome: document. Successful exploitation could allow remote attackers to execute arbitrary JavaScript code with chrome privileges.