- bug 1287426 - Update security/sandbox/chromium/ to Chromium stable channel version 49.0.2623.112 - problem with USER_NON_ADMIN access token level - uploaded a patch which makes the USER_NON_ADMIN token a restricted one with the same access, see what aklotz thinks of this work-around.
- bug 1259601 - Add sandbox status to about:support (added security.sandbox.content.level for all OS) - on inbound.
- bug 1259087 - Add Windows sandboxing information to Telemetry (added security.sandbox.content.level to environment for all OS) - reviewed waiting for feedback from bsmedberg for data collection review.
- bug 1228022 - Trigger print jobs from the parent instead of the child for OSX - it's working, but font nametable part not done yet
- bug 1290619 - Content sandbox rules should use actual profile directory, not Profiles/*/ regex's - in code review
- bug 1286480 - [10.12] Widevine CDM always crashes on Amazon since upgrade to macOS Sierra - fixed on nightly and aurora
- Re bug 1287426 - New COM MainThreadRuntime stuff is messing with sandbox impersonation token. I've asked Bob to experiment a bit more with how this interaction works.
- bug 1296309 Remove unused syscalls from the seccomp whitelist
- bug 1289718 - Enforce absolute paths for file access. r?tedd
- bug 925471 Dedupe Chromium's base library in security/sandbox with ipc/chromium/src's copy
- OS X profile directory read/write protected, milestone1?