Hacker News new | past | comments | ask | show | jobs | submit login

Yes and no. Mozilla's a bit screwed on this front, because they use XUL to render their interface - and, critically, the browser can render XUL pages. I don't have FF installed on this machine, but you should still be able to check it out at http://www.faser.net/mab/remote.cfm to see a demo of the feature.

It's a pretty cool feature, but it means that on Firefox, attackers should be able to emulate basically any chrome they want to.




To demonstrate, go to chrome://browser/content/browser.xul in firefox


Remote XUL is disabled in Firefox 4.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: