Firebug
Firebug is a powerful Free and Open Source Add-on for Firefox and is very famous among web developers. With FireBug, you can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
It has tones of useful features like a dynamic console, DOM tree explorer, CSS viewer/editor, script explorer and network monitor where you can see all Flash, XMLHttpRequest, JS and Image requests. Firebug is mainly used by web developers to trace bugs in their code but it can also be used to find and explore various browser and remote site vulnerabilities.
Unfortunately, Firebug suffers from rather simple but quite dangerous vulnerability. The vulnerability is of a type Cross-zone or Cross-context scripting, where a script from a web pages in injected inside the zone of the browser, also know as the chrome, or in the zone of the file: protocol. In both cases the result is quite devastating, although the second is a bit less critical then the first. Remote scripts in the browser are restricted by a sandbox. This means that everything that is prefixed with http: or https: is secure. Browser extensions make use of the chrome: protocol. This protocol is not restricted at all and everything is allowed. Therefor browser extensions are trusted. However if a remote script, tricks the browser into executing JavaScript expressions on chrome: then this script can take control of the entire chrome and also the underplaying operating system because then command execution and read/write file access are allowed.
Do you know that you can