The nsIProcess XPCOM interface represents an executable process. JavaScript
code with chrome privileges can use the nsIProcess interface to launch
executable files. In this module, nsIProcess is combined with the Windows
command prompt cmd.exe.
Any XSS injection in a chrome privileged zone (e.g. typically in Firefox
extensions) allows his module to execute arbitrary commands on the victim
machine.