Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 92.7%