The host is installed with Mozilla Firefox before 3.6.20 or 4 or 5 orThunderbird before 6 or SeaMonkey 2.x before 2.3 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle SVG text. Successful exploitation could allow attackers to execute arbitrary code.