I'm not a 'security researcher', and have only a technical layman's grasp of the issue, but:

> "By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process,"

The first and second sentences there feel like an 'and then a miracle happens' argument (http://star.psy.ohio-state.edu/coglab/Miracle.html). I get that, in some cases, dangling pointers might allow you to get a bit of uploaded data to be treated like a bit of internal data. But it seems to me like a piece of extraordinarily unlikely bad luck to allow this to execute arbitrary code.

So I don't dismiss that there is a theoretical risk, but can anyone suggest how much risk is in these risks? In particular, is the risk of such an exploit greater than the risk of an exploiter finding a new weakness? If not, then I can understand why there is no great urgency to patch these flaws.