Thank you for all the help (here and in the comments of the bug report). It seems the implementation of the about: pages is worth looking at.
It seems I unintentionally found something which is even a bigger security issue than I thought and I'm glad I could .... well "help" does not seem to be the right word.... but let's say, made the right people aware of it ;) I wish I could have been a bit more helpful, but I haven't had time to really get into Firefox' security concept/model/whatever is appropriate name (maybe I could have even reported it to the security bug bounty program if I had done it right ;)). Anyway, good luck with fixing that! Best, Felix _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security