Security researcher Zach Hoffman reported that a recursive call to eval() wrapped in a try/catch statement places the browser into a inconsistent state. Any dialog box opened in this state is displayed without text and with non-functioning buttons. Closing the window causes the dialog to evaluate to true. An attacker could use this issue to force a user into accepting any dialog, such as one granting elevated privileges to the page presenting the dialog.
This is now public: http://www.mozilla.org/security/announce/2011/mfsa2011-02.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2011:0310 https://rhn.redhat.com/errata/RHSA-2011-0310.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2011:0312 https://rhn.redhat.com/errata/RHSA-2011-0312.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2011:0313 https://rhn.redhat.com/errata/RHSA-2011-0313.html