I can call a "QueryInterface" method of an object from a webpage in Firefox. I'm assuming that's not good, but is it exploitable?
-
-
Replying to @berendjanwever
@berendjanwever 0 args => "Not enough arguments [nsISupports.QueryInterface]" 1 arg => "Could not convert JavaScript argument arg 0 [...]"1 reply 0 retweets 1 like -
Replying to @berendjanwever
@berendjanwever@jruderman any idea? Any suggestions what I could try to pass as an argument to see if I can do anything with this?1 reply 0 retweets 0 likes -
Replying to @berendjanwever
@berendjanwever@jruderman Looks like part of Components.interfaces is still content-exposed?1 reply 0 retweets 0 likes -
Replying to @xlerb
@xlerb@berendjanwever “Components.interfaces” is now just a shim. I don’t think it can be used for QI. https://bugzilla.mozilla.org/show_bug.cgi?id=790732 … patches 4,72 replies 0 retweets 0 likes -
Replying to @jruderman
@xlerb@berendjanwever One motivation for removing it was that web pages could enumerate some Firefox extensions https://bugzilla.mozilla.org/show_bug.cgi?id=429070 …1 reply 0 retweets 0 likes -
Replying to @jruderman
@xlerb@berendjanwever If the real Components.interfaces is still available on XBL scopes, you might be able to snag it from there somehow…1 reply 0 retweets 0 likes -
Replying to @jruderman
@jruderman@xlerb ...obviously. But if someone had no idea what Components.interfaces, QueryInterface, XBL scopes are, are there docs?2 replies 0 retweets 0 likes
@jruderman @xlerb (let's assume this person has never looked at Firefox source before, other than a few lines surrounding a vuln or two).
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.