+++ This bug was initially created as a clone of Bug #1304140 +++ GetNewOrUsedBrowserProcess() now uses rand() and will cause some tools to complain since rand() is generally not security-safe. That might not matter in this case; if so at least it should be commented as irrelevant.
The use of rand() being added by my code seems like a rebasing error on my part. I did not intend to modify the content process selection model at all unless the aFreshProcess flag was enabled. Either I or someone else should make a patch to change it back to the way it worked before.
Looks like it was added a while ago for Bug 762802: https://hg.mozilla.org/mozilla-central/rev/d3212385b1aff58fe9b23793d93316f92bef640f
(In reply to Bob Owen (:bobowen) from comment #2) > Looks like it was added a while ago for Bug 762802: > https://hg.mozilla.org/mozilla-central/rev/ > d3212385b1aff58fe9b23793d93316f92bef640f Predates that; the bug 762802 changeset just touched that line. The static-analysis detector fired a 'new' hit because Michael touched the line. Since it's not new, it's less of an issue - and the static analysis won't complain until it's touched again. A comment that it's ok and not a sec issue might avoid confusion next time.