Comment 18 (Daimar Stein) and comment 19 (walmartguy) please open new bugs or check if there is existing similar bug, this bug is *only* about VAAPI not working because of sandboxing. > What are the exact security implications of the aforementioned workaround? I want a secure browser, but I also don't want my lap to burn while watching YouTube videos xD. It's hard to quantify. Thanks to VA-API decoding now happening in its own RDD process exploitation gets hard of course. But having no sandbox at all obviously makes trivial to take over everything if an exploit is found.
Bug 1751363 Comment 23 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Comment 18 (Daimar Stein) and comment 19 (walmartguy) please open new bugs or check if there is an existing similar bug, this bug is *only* about VAAPI not working because of sandboxing. > What are the exact security implications of the aforementioned workaround? I want a secure browser, but I also don't want my lap to burn while watching YouTube videos xD. It's hard to quantify. Thanks to VA-API decoding now happening in its own RDD process exploitation gets hard of course. But having no sandbox at all obviously makes it trivial to take over everything if an exploit is found.