Comment 3 for bug 1382562

Just to confirm the details of this report, you're saying that it's possible for someone who has permission to modify the security group configuration to break that security group... if so, I don't see how an attacker would actively leverage this bug to escalate permissions or cross any established trust boundary. Can you elaborate on what makes this bug a security vulnerability?