Comment 13 for bug 1163569

It sounds like there's no need for the VMT to issue a security advisory, but it does seem like something the OSSG might be interested in documenting more visibly so I've tagged it to the ML in case they do.