Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox
before 7.0 and SeaMonkey before 2.4, does not validate the return value of
a GrowAtomTable function call, which allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary code
via vectors that trigger a memory-allocation error and a resulting buffer
overflow.