Comment 4 for bug 1627597

I've switched the security advisory to opinion state and subscribed the security team reviewers to see whether this falls into the scope of existing work taken on by the security note editors.