Firefox 3.5.7 issue tracking bug
The nsObserverList::FillObserverArray function in
xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows
remote attackers to cause a denial of service (application crash) via
a crafted web site that triggers memory consumption and an
accompanying Low Memory alert dialog, and also triggers attempted
removal of an observer from an empty observers array.
No vulnerable versions are in the tree.
Vote: YES. Added to pending GLSA request.
This issue was resolved and addressed in
GLSA 201301-01 at http://security.gentoo.org/glsa/glsa-201301-01.xml
by GLSA coordinator Sean Amoss (ackle).