What is UXSS? What is the difference between XSS and UXSS?
Example:
Does it cause a download, or run a program?

UXSS in #FDF, #XML and #XFDF
In addition, by using the following request, it is possible to execute JavaScript code
inside the Firefox browser:
http://site.com/file.pdf#FDF=javascript:alert('Test Alert')
The previous request could be triggered against a site, and because of this it is a Universal Cross Site
Scripting.
UXSS is a particular type of Cross Site Scripting and has the ability to be triggered
by exploiting flaws inside browsers, instead of leveraging the vulnerabilities against
insecure web sites. It's also possible to force clients to download files by supplying:
http://site.com/file.pdf#FDF=javascr...ment.location= 'file://C:/winnt/notepad.exe'
http://site.com/file.pdf#FDF=javascript:document.location= 'file://C:/winnt/notepad.exe
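
A defensive check for the link pattern quoted above, as an added example that is not part of the original post: it flags links whose fragment passes a non-HTTP scheme such as javascript: in the FDF, XML or XFDF parameter. The function names, the handling of "&" and "#" as separators, and the sample links are assumptions made for this illustration.

```javascript
// Added example: flag links whose fragment hands a script or local-file URL
// to a PDF plug-in through the FDF, XML or XFDF parameters named in the post.
const PDF_DATA_PARAMS = new Set(["fdf", "xml", "xfdf"]);
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Assumption: parameters inside the fragment are separated by "&" or "#".
function parseFragmentParams(fragment) {
  const params = [];
  for (const part of fragment.split(/[&#]/)) {
    const eq = part.indexOf("=");
    if (eq <= 0) continue; // no name or no "=": not a parameter
    let value = part.slice(eq + 1);
    try { value = decodeURIComponent(value); } catch (_) { /* keep raw value */ }
    params.push([part.slice(0, eq).trim().toLowerCase(), value]);
  }
  return params;
}

// Return the lower-cased scheme of a value ("javascript:"), or null if none.
function schemeOf(value) {
  // Conservative normalisation: drop tabs/newlines and leading control
  // characters, which URL parsers ignore, before reading the scheme.
  const cleaned = value.replace(/[\t\r\n]/g, "").replace(/^[\u0000-\u0020]+/, "");
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  return m ? m[1].toLowerCase() + ":" : null;
}

// Return one finding per FDF/XML/XFDF parameter carrying a non-HTTP(S) scheme.
function findSuspiciousPdfFragment(link) {
  let url;
  try { url = new URL(link); } catch (_) { return []; } // not an absolute URL
  const findings = [];
  for (const [name, value] of parseFragmentParams(url.hash.slice(1))) {
    if (!PDF_DATA_PARAMS.has(name)) continue;
    const scheme = schemeOf(value);
    if (scheme !== null && !ALLOWED_SCHEMES.has(scheme)) findings.push({ param: name, scheme });
  }
  return findings;
}

// Constructed sample links; site.com is the placeholder host used in the post.
const SAMPLE_LINKS = [
  "http://site.com/file.pdf#FDF=javascript:alert('Test Alert')",
  "http://site.com/file.pdf#page=3&zoom=100",
];
for (const link of SAMPLE_LINKS) {
  console.log(link, JSON.stringify(findSuspiciousPdfFragment(link)));
}
```

The fragment is never sent to the web server, so a check like this belongs where the full link is visible, such as a mail or proxy link scanner, rather than in server access logs.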




