Flaw in Firefox 2.0 Final
This flaw reported by Mozilla
http://www.mozilla.org/security/announce/2006/mfsa2006-59.html
is still unfixed in the latest Firefox 2.0 final.
This exploit works in Firefox 2.0 Final: http://lcamtuf.coredump.cx/ffoxdie.html
"Jonathan Watt and Michal Zalewski independently reported timing dependent
testcases that trigger crashes at the same place during text display. We have
seen no demonstration that these crashes could be reliably exploited, but they
do show evidence of memory corruption so we presume they could be.
Note: Thunderbird shares the browser engine with Firefox and could be
vulnerable if JavaScript were to be enabled in mail. This is not the default
setting and we strongly discourage users from enabling JavaScript in mail."