Similar to the problem in bug 1179191, we probably will get b2g app crashes with this scenario: 1) b2g starts a process for app foo.com!appid=123 2) app opens an iframe for bar.com which runs in the same process 3) bar.com iframe tries to use Cache API 4) Cache API checks to see if child process matches bar.com (but it really matches foo.com!appid=123) 5) Failed security check kills child process As far as I can tell from the security check, we require exact app ID matches. This probably will not be the case for the third party iframe: https://dxr.mozilla.org/mozilla-central/source/dom/ipc/AppProcessChecker.cpp#211 I could be wrong, though. Maybe the iframe has bar.com, but inherits the appID somehow (confusing to me). Can someone write a test for this to see if it crashes or not?

I think Jonas told me we inherit the appID, so we're probably safe here. A test would still be good, though.