[larsu]

You're right. But something like this would be harder to fake: http://www.mozilla.com/en-US/img/tignish/features/security-i...

[frio]

Yes and no. Mozilla's a bit screwed on this front, because they use XUL to render their interface - and, critically, the browser can render XUL pages. I don't have FF installed on this machine, but you should still be able to check it out at http://www.faser.net/mab/remote.cfm to see a demo of the feature.

It's a pretty cool feature, but it means that on Firefox, attackers should be able to emulate basically any chrome they want to.

[LordLandon]

To demonstrate, go to chrome://browser/content/browser.xul in firefox

[sid0]

Remote XUL is disabled in Firefox 4.