RequestScreenPixels() allows cross-origin screen capture on Android
Categories
(Core :: Graphics: WebRender, defect, P3)
People
(Reporter: tjr, Unassigned)
References
(Blocks 1 open bug)
Details
From my reading, the RequestScreenPixels() IPC method allows a content process to request the parent to take a screenshot of the browser and return it to the content process.
Is there anything in place that prevents a compromised content process/malicious site from sending this request when it is not the foreground tab, and using it to read the (rendered) content of another content process / site?
(I understand we don't have site isolation in place on Android right now, but I'd like to document this if this is how this works.)
Comment 1•3 years ago
Does RequestScreenPixels() refer to UiCompositorControllerChild::RequestScreenPixels()?
A content process could not have a UiCompositorControllerChild. So it does not seem possible for a content process to call RequestScreenPixels().
The following is a related class diagram.
https://github.com/sotaroikeda/firefox-diagrams/blob/master/mobile/mobile_GeckoSession_68.pdf
Comment 2•3 years ago
The severity field is not set for this bug.
:jimm, could you have a look please?
For more information, please visit auto_nag documentation.