Firefox Remote Variable Leakage.

Hacker Halted 2010

I've been away a couple of days, and today I found something quite disturbing in Firefox. It is possible to read all variables that are set inside Firefox. That's right: ALL variables and registered objects that are present inside JavaScript files and at runtime. It's even possible to call certain functions. That ranges from local Mozilla config files to all extensions registered inside Firefox. The example below will show you a list of a couple of variables that were set. Note: it is possible to actively scan variables and hijack them when you need to. I've tested this against my own Firefox extension called Fire Encrypter, and I was able to steal a dynamically generated password successfully. Just wow!