Comment 17 for bug 1227027

Kurt: all confirmed, yes we need a CVE for this one. I suspect I should post it to oss-security since it's public already ?