oss-sec mailing list archives

Firefox: CVE-2011-3867 a dupe of CVE-2011-2998


From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 30 Sep 2011 07:46:32 +0200

Hi,
When http://www.mozilla.org/security/announce/2011/mfsa2011-37.html
went live it initially listed "CVE-2011-XXXX" as the CVE ID. However,
since it was obvious that CVE-2011-2998 was missing in the block of
Mozilla IDs I asked the Mozilla security group for confirmation if
MFSA 2011-37 is in fact CVE-2011-2998, which they confirmed and
fixed on the website later that day.

MITRE then seems to have assigned CVE-2011-3867 to this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3867, which
links to the MFSA page, which itself mentions CVE-2011-2998.

Besides Debian, CVE-2011-2998 was also used by Red Hat:
https://rhn.redhat.com/errata/RHSA-2011-1341.html and since it's also 
mentioned on the Mozilla page my recommendation would be to reject 
CVE-2011-3867, before it gets used more widely.

Cheers,
        Moritz


