A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12365