On 2/23/10 8:14 PM, Natch wrote:
I was thinking (in bug 491243) that channels shouldn't inherit chrome
privileges ever unless they are data, javascript or chrome channels
(or that sort).
That's already the case.
For example, it is possible for any web site to run in an elevated
context(and do practically anything to the user's computer) if you
type the following in the error console command-line:
window.openDialog("http://www.google.com";);
This doesn't run google in an elevated context.
-Boris
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
