A vulnerability where Firefox/Thunderbird uses memory not initialized could allow remote execution using a crafted web. Doing a bad nesting with especially li, ul, dd and a bad tag and also using some css properties, Firefox/Thunderbird got crashed in an exploitable way. Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=679572