file: URIs inherit chrome privileges when opened from chrome

Related Vulnerabilities: CVE-2008-5015  

Mozilla Foundation Security Advisory 2008-51

Announced: November 12, 2008
Reporter: Luke Bryan
Impact: Moderate
Products: Firefox
Fixed in: Firefox 3.0.4

Description

Security researcher Luke Bryan reported that file: URIs are given chrome privileges when opened in the same tab as a chrome page or privileged about: page. This vulnerability could be used by an attacker to run arbitrary JavaScript with chrome privileges. The severity of this issue was determined to be moderate as it requires an attacker to have malicious code saved locally, then have a user open a chrome: document or privileged about: URI, and then open the malicious file in the same privileged tab.

Firefox 2 is not affected by this issue.
