The code below is from a browser extension. Question: what does it do when executed in Firefox?
let script = document.createElement("script");
script.src = "chrome-extension://" + chrome.runtime.id + "/app/scripts/" + fileName;
For reference: that's a major antivirus vendor. And there is a very obvious correct way to do this. In fact, I think it's the first time I see somebody mess this up.
A Mastodon instance for info/cyber security-minded people.