Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
secunia.com/advisories/19631
secunia.com/advisories/19696
secunia.com/advisories/19714
secunia.com/advisories/19721
secunia.com/advisories/19729
secunia.com/advisories/19746
secunia.com/advisories/19759
secunia.com/advisories/19780
secunia.com/advisories/19794
secunia.com/advisories/19811
secunia.com/advisories/19821
secunia.com/advisories/19823
secunia.com/advisories/19852
secunia.com/advisories/19862
secunia.com/advisories/19863
secunia.com/advisories/19902
secunia.com/advisories/19941
secunia.com/advisories/19950
secunia.com/advisories/20051
secunia.com/advisories/21033
secunia.com/advisories/21622
sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
support.avaya.com/elmodocs2/security/ASA-2006-205.htm
www.debian.org/security/2006/dsa-1044
www.debian.org/security/2006/dsa-1046
www.debian.org/security/2006/dsa-1051
www.gentoo.org/security/en/glsa/glsa-200604-12.xml
www.gentoo.org/security/en/glsa/glsa-200604-18.xml
www.gentoo.org/security/en/glsa/glsa-200605-09.xml
www.kb.cert.org/vuls/id/813230
www.mandriva.com/security/advisories?name=MDKSA-2006:075
www.mandriva.com/security/advisories?name=MDKSA-2006:076
www.mandriva.com/security/advisories?name=MDKSA-2006:078
www.mozilla.org/security/announce/2006/mfsa2006-14.html
www.novell.com/linux/security/advisories/2006_04_25.html
www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
www.redhat.com/support/errata/RHSA-2006-0328.html
www.redhat.com/support/errata/RHSA-2006-0329.html
www.redhat.com/support/errata/RHSA-2006-0330.html
www.securityfocus.com/archive/1/434524/100/0/threaded
www.securityfocus.com/archive/1/436296/100/0/threaded
www.securityfocus.com/archive/1/436338/100/0/threaded
www.securityfocus.com/archive/1/438730/100/0/threaded
www.securityfocus.com/bid/17516
www.us-cert.gov/cas/techalerts/TA06-107A.html
www.vupen.com/english/advisories/2006/1356
exchange.xforce.ibmcloud.com/vulnerabilities/25815
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930
usn.ubuntu.com/271-1/
usn.ubuntu.com/275-1/
usn.ubuntu.com/276-1/