security flaw

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...

USN-297-1: Thunderbird vulnerabilities

Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious web site could exploit this to execute arbitrary code with the privileges of the user. MFSA 2006-35, CVE-2006-2775 Paul Nickerson discovered that content-defined setters ...

CVE-2006-2787

CVE-2006-2787 affects Mozilla Firefox and Thunderbird prior to 1.5.0.4. The issue arises in EvalInSandbox, where JavaScript calling valueOf on objects created outside the sandbox can let remote attackers gain privileges. This is a sandbox-escape vulnerability with full confidentiality, integrity,...

EvalInSandbox escape (Proxy Autoconfig, Greasemonkey) — Mozilla

Mozilla researcher mozbugra4 demonstrated that javascript run via EvalInSandbox can escape the sandbox and gain elevated privilege by calling valueOf on objects created outside the sandbox and inserted into it. Malicious scripts could use these privileges to compromise your computer or data...