Firefox Remote Variable Leakage.

Published on: 1186848758
I've been away a couple of days, and today I found something quite disturbing in Firefox. It is possible to read all variables that are set inside Firefox. That's right: ALL variables and registered objects that are present inside JavaScript files. It's even possible to call certain functions. That ranges from chrome:// config files to all extensions registered inside Firefox. Extension and plugin function calls are also possible and have been found vulnerable. Mozilla thinks this is a non-issue, but I believe it is very bad security practice to have access to them, and they SHOULD not be accessible to anyone. Don't take my word for it, they are the experts.

It basically means that anyone can probe all JavaScript files inside the chrome:// context and log all this information on the server through a simple Ajax instance. Furthermore, it is only possible to call unregistered functions, like those that are set inside extensions by developers. This COULD lead to denial of service on function calls, privacy breach, information disclosure, and maybe more unseen or unknown attacks. Please do note that this is actually a semi-feature, since extensions themselves need to communicate through the chrome, so this could be very hard to "fix".