Comment 19 for bug 1611171

Consensus seems to confirm Tristan's observation this meets the VMT's class D report (security hardening) definition, so I'm marking our advisory task Won't Fix and annotating the bug status and tags accordingly. If the situation is discovered to be explicitly vulnerable after all, we can revisit it at that time.