I can call a "QueryInterface" method of an object from a webpage in Firefox. I'm assuming that's not good, but is it exploitable?
@jruderman @xlerb ...obviously. But if someone had no idea what Components.interfaces, QueryInterface, XBL scopes are, are there docs?
-
-
@jruderman@xlerb (let's assume this person has never looked at Firefox source before, other than a few lines surrounding a vuln or two).Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@berendjanwever@jruderman https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.interfaces … might be reasonably accessible for the first two? (I know little about XBL.) -
@xlerb@jruderman Ah, so access to "o.QueryInterface(nsIJSII x)" is useless since I do not have access to a (privileged) nsIJSII instance?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.