+++ This bug was initially created as a clone of Bug #149876 +++
Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that
could overwrite memory at a fixed location if reallocation fails during string
growth. This could theoretically lead to arbitrary code execution.
This issue was fixed in RHSA-2005:277