Comment 10 for bug 1265665

That impact description looks fine to me. Would it help at all (from a risk identification perspective) to point out that this exploit involves identifying objects at random, and so poses additional hurdles for any sort of targeted attack (needle in haystack situation)?