Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow
remote attackers to execute arbitrary code via JavaScript onUnload handlers
that modify the structure of a document, wich triggers memory corruption
due to the lack of a finalize hook on DOM window objects.