Bugzilla

### ESR Uplift Approval Request
* **If this is not a sec:{high,crit} bug, please state case for ESR consideration**: Note, the patch applies to esr91 with --fuzz=3
* **User impact if declined**: Executing javascript in the domain of a sandboxed iframe, even though allow-scripts is not specified
* **Fix Landed on Version**: 99
* **Risk to taking this patch**: Low
* **Why is the change risky/not risky? (and alternatives if risky)**: Passing around the flags from the original browsing context to the new one should be relatively safe.

### Beta/Release Uplift Approval Request
* **User impact if declined**: 
* **Is this code covered by automated tests?**: Yes
* **Has the fix been verified in Nightly?**: Yes
* **Needs manual test from QE?**: Yes
* **If yes, steps to reproduce**: 
* **List of other uplifts needed**: None
* **Risk to taking this patch**: Low
* **Why is the change risky/not risky? (and alternatives if risky)**: 
* **String changes made/needed**: NA

### ESR Uplift Approval Request
* **If this is not a sec:{high,crit} bug, please state case for ESR consideration**: Note, the patch applies to esr91 with --fuzz=3
* **User impact if declined**: Executing javascript in the domain of a sandboxed iframe, even though allow-scripts is not specified
* **Fix Landed on Version**: 99
* **Risk to taking this patch**: Low
* **Why is the change risky/not risky? (and alternatives if risky)**: Passing around the flags from the original browsing context to the new one should be relatively safe.

### Beta/Release Uplift Approval Request
* **User impact if declined**: 
* **Is this code covered by automated tests?**: Yes
* **Has the fix been verified in Nightly?**: Yes
* **Needs manual test from QE?**: No
* **If yes, steps to reproduce**: 
* **List of other uplifts needed**: None
* **Risk to taking this patch**: Low
* **Why is the change risky/not risky? (and alternatives if risky)**: 
* **String changes made/needed**: NA