firefox: thunderbird: External protocol handlers could be enumerated via popups
The Mozilla Foundation's Security Advisory: By checking the result of calls to window.open with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed...