Daniel de Wildt discovered a memory handling flaw in Mozilla string classes that
could overwrite memory at a fixed location if reallocation fails during string
growth. This could theoretically lead to arbitrary code execution. Creating the
exact conditions for exploitation--including running out of memory at just the
right moment--is unlikely.
This flaw was independently discovered by GaÃ«l Delalleau and reported by iDEFENSE
*** This bug has been marked as a duplicate of 149876 ***