Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2013-77

Improper state in HTML5 Tree Builder with templates

September 17, 2013
Atte Kettunen
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 24
  • SeaMonkey 2.21
  • Thunderbird 24


Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found that the HTML5 Tree Builder does not properly store state when interacting with template elements. Because some stack information is incorrectly stored, the template insertion mode stack can be used when it is empty. This could possibly lead to code execution in some circumstances.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.