Comment 8 for bug 1901891

Even though successfully exploiting #3 is pretty unlikely, I personally do agree a CVE would be applicable. I feel it’d be appropriate if Red Hat would request it rather than myself.