The nsObserverList::FillObserverArray function in
xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows
remote attackers to cause a denial of service (application crash)
via a crafted web site that triggers memory consumption and an
accompanying Low Memory alert dialog, and also triggers attempted
removal of an observer from an empty observers array (CVE-2010-0220).
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.