Comment 21 for bug 861854

@heckj: do you agree this is a known weakness of the current API that needs to be strengthened, rather than a directly-exploitable security vulnerability ? In which case we will open this bug publicly rather than continue to consider it under embargo.