(In reply to comment #38) > I wasn't clear enough in comment 34, let me explain better :-) > > The Mozilla change that exposed this, > https://bugzilla.mozilla.org/show_bug.cgi?id=860254, is exactly about having > memory overwritten immediately on free(). So this is _exactly_ what is > happening here :-) Ah, I missed that little bit, sorry! You're almost certainly right then.