The host is missing a critical security update according to Mozilla advisory, MFSA2016-08. The update is required to fix a clickjacking attack vulnerability. A flaw is present in the application, which fails to properly handle delay between the download dialog getting focus and the button getting enabled was too short. Successful exploitation could lead unintentional actions such as the running of downloaded software.