Bugzilla

I'm going to mark this as sec-high, because it looks like it will just dispatch whatever event. It does set MarkAsHandledInRemoteProcess(), which kind of feels like it less concerning, but I only see that [flag being checked in a substantial way in one place](https://searchfox.org/mozilla-central/rev/e77d89c414eac63a295a2124600045775a6f4715/dom/events/EventStateManager.cpp#1396), in EventStateManager::WalkESMTreeToHandleAccessKey(), so it feels like that won't always protect us against a hostile content process? We can lower the rating if I'm wrong, as I don't really know anything about these events.

I'm going to mark this as sec-high, because it looks like it will just dispatch whatever event. It does set MarkAsHandledInRemoteProcess(), which kind of feels like it makes it less concerning, but I only see that [flag being checked in a substantial way in one place](https://searchfox.org/mozilla-central/rev/e77d89c414eac63a295a2124600045775a6f4715/dom/events/EventStateManager.cpp#1396), in EventStateManager::WalkESMTreeToHandleAccessKey(), so it feels like that won't always protect us against a hostile content process? We can lower the rating if I'm wrong, as I don't really know anything about these events.