I can call a "QueryInterface" method of an object from a webpage in Firefox. I'm assuming that's not good, but is it exploitable?
-
-
Replying to @berendjanwever
@berendjanwever 0 args => "Not enough arguments [nsISupports.QueryInterface]" 1 arg => "Could not convert JavaScript argument arg 0 [...]"1 reply 0 retweets 1 like -
Replying to @berendjanwever
@berendjanwever@jruderman any idea? Any suggestions what I could try to pass as an argument to see if I can do anything with this?1 reply 0 retweets 0 likes -
Replying to @berendjanwever
@berendjanwever@jruderman Looks like part of Components.interfaces is still content-exposed?1 reply 0 retweets 0 likes -
Replying to @xlerb
@xlerb@berendjanwever “Components.interfaces” is now just a shim. I don’t think it can be used for QI. https://bugzilla.mozilla.org/show_bug.cgi?id=790732 … patches 4,72 replies 0 retweets 0 likes -
Replying to @jruderman
@xlerb@berendjanwever One motivation for removing it was that web pages could enumerate some Firefox extensions https://bugzilla.mozilla.org/show_bug.cgi?id=429070 …1 reply 0 retweets 0 likes -
Replying to @jruderman
@xlerb@berendjanwever If the real Components.interfaces is still available on XBL scopes, you might be able to snag it from there somehow…1 reply 0 retweets 0 likes -
Replying to @jruderman
@jruderman@xlerb ...obviously. But if someone had no idea what Components.interfaces, QueryInterface, XBL scopes are, are there docs?2 replies 0 retweets 0 likes -
Replying to @berendjanwever
@berendjanwever@jruderman https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.interfaces … might be reasonably accessible for the first two? (I know little about XBL.)1 reply 0 retweets 0 likes
@xlerb @jruderman Ah, so access to "o.QueryInterface(nsIJSII x)" is useless since I do not have access to a (privileged) nsIJSII instance?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.