See CVE.
security team doesnt usually handle client dos, reassigning to mozilla folks.
Well, it seems there's no reason to keep this one open :P