The host is missing an important security update according to Mozilla advisory, MFSA2016-76. The update is required to fix a cross-site scripting vulnerability. A flaw is present in the applications, which fail to handle unknown vectors. Successful exploitation allows remote attackers to execute scripts on marquee tag in sandboxed iframes.