Assuming this[1] test for sparse indexes with extra properties in the unfixed version of the file as part of the bugged code, the annotations suggest that the bug MIGHT have been (partially?) introduced by this[2] changeset. If so, that means all versions of Firefox >= 38.0a1 (21 Apr 2015) might be vulnerable to the bug.
If the bug is really that old, it's certainly possible it might have been abused in the wild, perhaps in more ways than just the "targeted attacks" mentioned in the report.
"This simplifies the code a bit because ElementAccessHasExtraIndexedProperty
checks for length-overflow and sparse-indexes so the callers don't have to
do that anymore."
simple code best code, the less opportunity you give people to shoot themselves in the foot the better