The Null Device
Attack of the Dashboard Widgets
demonstrates. The author even provides a goatse.cx widget (not auto-installed, mercifully) to underscore the potential for mayhem.
Meanwhile, a carefully constructed trick webpage can cause Firefox to execute arbitrary code (such as, say, installing rootkits or botnet clients) on any platform. The Mozilla Foundation have patched this, though the fix is not in the Debian distro yet.