Comment 6 for bug 1651679

Sure, and it seems worth fixing, but posting malicious Web ads in an attempt to induce some load on a firewalled Horizon server strikes me as an unlikely and low-enough risk vector so as to not need an advisory (much less one coordinated secretly under embargo).