Mozilla: Potential integer overflow in ReplaceElementsAt
The Mozilla Foundation Security Advisory describes this flaw as: In the nsTArrayImpl::ReplaceElementsAt function, where an integer overflow could occur when the number of elements to replace was too large for the container...