Several media players, for example Flash and QuickTime, support scripted content
with the ability to open URLs in the default browser. The default behavior for
Firefox was to replace the currently open browser window's
url it would run as if it came from the site that served the previous content, which
could be used to steal sensitive information such as login cookies or passwords.
If the media player content first caused a privileged chrome: url to load then
content it's replacing, and external apps will no longer be able to load
privileged chrome: urls in a browser window. The -chrome command line option
to load chrome applications is still supported.