Comment 10 for bug 1861408

>At the moment we recommend granting the capability in the profile and letting firefox setup its sandbox.

why do not ubuntu developers add it? (before they make it other way.)

>Unfortunately this means you can't guarantee the rest of the program isn't doing things it shouldn't.

what it can do using this capability, without using any other additional apparmor allow rules? can you give any examples?