Comment 18 for bug 1316271

I think this falls into "hardening" -- it's not an exploitable vulnerability per se, and fixing this would significantly alter behavior and therefore can't really be backported.

It sounds like very welcome hardening though, so it would really be great if (1) we had an OSSN to cover for this and maybe (2) we improved the default situation in future releases.