Changing the title to reflect that we **have** Fission Site Sandboxing, but like all software it's not bug free. We think the remaining cases here are not concerning enough to be worthy of our (immediate!) attention. But we're keeping this metabug open in case someone finds something serious, so they can be centrally linked. We consider it security vulnerability if a compromised renderer can do bad things to other sites, and we would consider it for a bug bounty if it's especially bad. If it's stealing browser history or impersonating a Clear-Site-Data request or something like that - it's not a priority, but we'd still link it here to keep track of everything we know we can improve.
Bug 1505832 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Changing the title to reflect that we **have** Fission Site Sandboxing, but like all software it's not bug free. We think the remaining cases here are not concerning enough to be worthy of our (immediate!) attention. But we're keeping this metabug open in case someone finds something serious, so they can be centrally linked. _We consider it security vulnerability if a compromised renderer can do bad things to other sites_, and we would consider it for a bug bounty if it's especially bad. If it's stealing browser history or impersonating a Clear-Site-Data request or something like that - it's not a priority, but we'd still link it here to keep track of everything we know we can improve.