Scriptable Chrome Issues.
Published on: 1193864649
Since it's still Halloween I got another ghost in the shell for you all. Normally web content is not allowed to script the chrome, access it from JavaScript, or manipulate it in any way. In this case the script also stalls the browser. The snippet below has the null in place to confuse Firefox. Normally the null is interpreted as nothing, so the next location becomes nothing. But, and this is important to understand, when this happens fast enough and repeatedly, like a race condition, it can happen that browser.xul gets executed. This can be tested by loading the script and quickly or randomly pressing the home button. You will notice that the homepage changes to the default Google Firefox search page, which indicates that at some moment a link to chrome:// was made and Firefox was successfully confused about what to do next. So exploiting this is not as simple as I present it here. It does, however, show that if certain controlled conditions are met, it is possible to execute chrome files.
This has to be investigated some more.