ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7042
http://www.securityfocus.com/bid/3243
http://marc.info/?l=bugtraq&m=99893667921216&w=2
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html