It appears that the Firefox extention “Fizzle” is vulnerable to being taken over using HTML entities of all things. Because it converts HTML entities into their more dangerous equivalents CrYpTiC_MauleR found was able to create a proof of concept exploit that reads cookies, steals files, and so on. The proof of concept can be found here.
This really just another for of RSS hacking that we’ve all come to know and love, although this one is a little more tragic as it actually gives you much higher access that you can find through a normal HTML RSS feed aggregator. Although this may only affect a few thousand users, there are a few things to note about this. Firstly, there is no standard way to inform users that they are using dangerous plugins. Second, even if something is in an HTML entity, it can cause problems if you start converting the text. Lastly, this is not Firefox’s fault directly, but that doesn’t matter.
If you allow plugins to perform actions outside of the normal security model, you are taking big risks with your user’s security. Nice job, CrYpTiC_MauleR!