From 5d3da00102738ed3f1e968f3b5e0e6e0120f1b19 Mon Sep 17 00:00:00 2001
From: Bill McCloskey <billm@mozilla.com>
Date: Wed, 20 Jan 2016 17:09:41 -0500
Subject: [PATCH] Bug 1233497 - Disallow unsafe CPOWs in browser code.
 r=mrbkap.

--HG--
extra : commitid : 2sUjSTv5XJT
extra : rebase_source : cb6a85709fd61385d95d17896f1e376f1f871478
---
 browser/app/profile/firefox.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index fdad091790df..b6bfff53abec 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1589,6 +1589,9 @@ pref("browser.defaultbrowser.notificationbar", false);
 // the hang monitor.
 pref("dom.ipc.cpow.timeout", 500);
 
+// Causes access on unsafe CPOWs from browser code to throw by default.
+pref("dom.ipc.cpows.forbid-unsafe-from-browser", true);
+
 // Enable e10s hang monitoring (slow script checking and plugin hang
 // detection).
 pref("dom.ipc.processHangMonitor", true);