Follow

The code below is from a browser extension. Question: what does it do when executed in Firefox?

let script = document.createElement("script");
script.src = "chrome-extension://" + chrome.runtime.id + "/app/scripts/" + fileName;
head.appendChild(script);

For reference: that's a major antivirus vendor. And there is a very obvious correct way to do this. In fact, I think it's the first time I see somebody mess this up.

Show thread
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.