This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Now: When third-party software is run with the same privileges as the user agent itself, vulnerabilities in the third-party software become as dangerous as those in the user agent. Suggestion: When third-party software is run with the same privileges as the user agent itself, vulnerabilities in the third-party software become as dangerous as if they were vulnerabilities of the user agent itself. Comment: At the moment it sounds like there are vulnerabilities in the user agent by default.
HTML5.1 Bugzilla Bug Triage: Fixed, updated per suggestion. https://github.com/w3c/html/pull/238