firefox is vulnerable to arbitrary file read. A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Given a reliable exploit primitive, this new process could be exploited again leading to an arbitrary file read.