On 2/23/10 8:14 PM, Natch wrote:
I was thinking (in bug 491243) that channels shouldn't inherit chrome privileges ever unless they are data, javascript or chrome channels (or that sort).
That's already the case.
For example, it is possible for any web site to run in an elevated context(and do practically anything to the user's computer) if you type the following in the error console command-line: window.openDialog("http://www.google.com");
This doesn't run google in an elevated context. -Boris _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security