It is possible to read all variables that are set inside Firefox. That's right: ALL variables and registered objects that are present inside Javascript files and on runtime. It's even possible to call certain functions. That ranges from local Mozilla config files to all extensions registered inside Firefox. The example below will show you a list of a couple variables that were set. Note: it is possible to actively scan variables and hijack them when you need to. I've tested this against my own Firefox extension called: Fire Encrypter. And I was able to steal a dynamically generated password successfully.
[hide=10]
[code]
<script src="chrome://global/content/config.js"></script>



<script>

function show_all() {