Firefox - bug 492779
Code changes made: here and here
Looked very promising at first. A common library routine used in many places with a straight forward integer overflow, caused because it multiplied before dividing..Exploitation also looked promising since we could control the amount to overflow the buffer with by using invalid base64 characters to make the decode no-op.
Reason for discarding:
Was unable to trigger it.