The Umask code in MozJS translates the input BSON to the type double. The double is then statically typed to the unsigned int (uint32). This could create a problem when the shell is run with the UBSAN and there is an integer overflow, ie. double has a value that does not find in 32 bits. The UBSAN would complain and crash the process.

MozJS seems to translate any number type to double internally, we should clamp the value from double to integer safely as part of the fix.