upstream runs this as a [sg:low dos] ... which is probably the reason why this has not yet been fixed. Is this really just a DOS vulnerability or should I re-adjust upstream priority? -- Firefox allows cookies to be set for second-level domain hierarchies https://launchpad.net/bugs/44062