Bug 1136407 - Disable Mac sandbox
authorBill McCloskey <wmccloskey@mozilla.com>
Wed, 25 Feb 2015 10:37:03 -0800
changeset 259611 3ed19dfc6443f399a71850fdd47a0a6e10e540f9
parent 259610 2f718934413da766c85e8213b88eb74070afe071
child 259612 64f22e3076ea91418d9e84dc74f06b48f1d0e9e7
push id4718
push userraliiev@mozilla.com
push dateMon, 11 May 2015 18:39:53 +0000
treeherdermozilla-beta@c20c4ef55f08 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1136407
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1136407 - Disable Mac sandbox
browser/app/profile/firefox.js
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1221,18 +1221,18 @@ pref("security.sandbox.windows.log.stack
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is discussed in bug 1083344, the naming is inspired from its Windows
 // counterpart, but on Mac it's an integer which means:
 // 0 -> "no sandbox"
 // 1 -> "an imperfect sandbox designed to allow firefox to run reasonably well"
 // 2 -> "an ideal sandbox which may break many things"
 // This setting is read when the content process is started. On Mac the content
 // process is killed when all windows are closed, so a change will take effect
-// when the 1st window is opened. It was decided to default this setting to 1.
-pref("security.sandbox.macos.content.level", 1);
+// when the 1st window is opened.
+pref("security.sandbox.macos.content.level", 0);
 #endif
 
 // This pref governs whether we attempt to work around problems caused by
 // plugins using OS calls to manipulate the cursor while running out-of-
 // process.  These workarounds all involve intercepting (hooking) certain
 // OS calls in the plugin process, then arranging to make certain OS calls
 // in the browser process.  Eventually plugins will be required to use the
 // NPAPI to manipulate the cursor, and these workarounds will be removed.