Comment 7 for bug 1901891

Anyone can request a CVE, feel free to request one for this.

As Jeremy pointed out, #3 is pretty impossible to exploit, so we likely won't issue an advisory.