Over the weekend, code landed to restrict the ability of web content to access “chrome://” resources (see bug 292789). This shouldn’t affect many extensions since the restrictions are focused on web content, not chrome content. However, if your extension injects content into the web content, you could be affected. An example can be found in bug 428848. Venkman can’t load venkman-source.css, a stylesheet that is injected into unprivileged, web content.
The solution to this problem is a new chrome manifest flag – contentaccessible. Using
contentaccessible, an extension author can say “Yes, I’d like my extension’s chrome package to be accessible to web content.”
Note, in bug 292789, that
chrome://browser packages are exposed to content by default. This is required to keep remote XUL (XUL loaded into web content) working.
See Wladimir Palant’s post on this topic too.