Bug 1332190 - [Mac] Enable level 3 Mac content sandbox, removing filesystem read access. r=Alex_Gaynor
MozReview-Commit-ID: JR624YV4Cns
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1069,17 +1069,17 @@ pref("security.sandbox.gpu.level", 0);
// to ~/Library and profile directories are prevented (excluding
// $PROFILE/{extensions,chrome})"
// 3 -> "no global read/write access, read access permitted to
// $PROFILE/{extensions,chrome}"
// This setting is read when the content process is started. On Mac the content
// process is killed when all windows are closed, so a change will take effect
// when the 1st window is opened.
#if defined(NIGHTLY_BUILD)
-pref("security.sandbox.content.level", 2);
+pref("security.sandbox.content.level", 3);
#else
pref("security.sandbox.content.level", 1);
#endif
#endif
#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
// This pref is introduced as part of bug 742434, the naming is inspired from
// its Windows/Mac counterpart, but on Linux it's an integer which means: