
Timezone may leak from XSLT Date function

Looking at the patch for document.lastModified, I looked at all the uses of PR_LocalTimeParameters and found this one that looks sketchy.

My concern would be that an attacker could render an XSLT document using a function that formats a datetime, then read that XSLT document (because it's same origin) and get the timezone out.
