Oh, and just to be clear, I reported this as private as it's trivial to turn the discussion public once we are sure the discussion is not exposing vulnerabilities/attack vectors that have not been acknowledged before. The reality that we know the code intimately and something feels like obvious knowledge of working that way to us does not mean that it's publicly obvious or known.
So I'm all up for making this public if we are 100% sure there is nothing publicly new in this. Which, at least, I'm not convinced of yet.