Comment 15 for bug 1460492

Why has this bug been switched to a security vulnerability? It looks like a normal feature request. Can you elaborate on how this represents a risk which could be exploited by a malicious actor?