+++ This bug was initially created as a clone of Bug #149876 +++

Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that could overwrite memory at a fixed location if reallocation fails during string growth. This could theoretically lead to arbitrary code execution.

http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities&flashstatus=true
This issue should also affect FC2.
Fixed in the latest Mozilla release version.
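
The failure mode named in the report, shown as an added example that is not Mozilla's code: a string growth routine that uses the reallocation result unchecked, beside a hardened form that leaves the buffer intact on failure. `Buf`, `ReallocFn`, the two allocator hooks and both append functions are hypothetical names, and modelling the flaw as an unchecked reallocation result is an assumption about the bug class, since the report includes no code.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
// Hypothetical allocator hook so the failure path can be exercised offline.
using ReallocFn = void* (*)(void*, std::size_t);
void* real_realloc(void* p, std::size_t n) { return std::realloc(p, n); }
void* failing_realloc(void*, std::size_t) { return nullptr; }  // simulated failure

// Hypothetical minimal buffer, not Mozilla's class. len excludes the terminator.
struct Buf { char* data = nullptr; std::size_t len = 0, cap = 0; };

// Flawed pattern: the realloc result is used without a check. On failure the
// copy targets address 0 + len, a fixed location, and the old buffer leaks.
bool append_unchecked(Buf& b, const char* s, std::size_t n, ReallocFn ra) {
    if (b.len + n + 1 > b.cap) {
        b.cap = (b.len + n + 1) * 2;
        b.data = static_cast<char*>(ra(b.data, b.cap));  // may be nullptr
    }
    std::memcpy(b.data + b.len, s, n);
    b.len += n;
    b.data[b.len] = '\0';
    return true;
}

// Hardened form: size arithmetic is overflow-checked and the buffer fields
// change only after the allocator has returned a usable block.
bool append_checked(Buf& b, const char* s, std::size_t n, ReallocFn ra) {
    if (n > SIZE_MAX - b.len - 1) return false;  // len + n + 1 would wrap
    std::size_t need = b.len + n + 1;
    if (need > b.cap) {
        std::size_t new_cap = need > SIZE_MAX / 2 ? need : need * 2;
        void* p = ra(b.data, new_cap);
        if (!p) return false;                    // old data, len, cap untouched
        b.data = static_cast<char*>(p);
        b.cap = new_cap;
    }
    std::memcpy(b.data + b.len, s, n);
    b.len += n;
    b.data[b.len] = '\0';
    return true;
}

int main() {  // growth succeeds, then a simulated allocation failure is refused
    Buf b;
    bool ok = append_checked(b, "abc", 3, real_realloc) &&
              !append_checked(b, "0123456789", 10, failing_realloc);
    std::free(b.data);
    return ok ? 0 : 1;
}
```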