XSS on about:tbupdate

Disclosed: 2023-11-28 09:02:55 By qab To torproject
Unknown
Vulnerability Details
Hello,

It appears that there is an XSS vulnerability on the about:tbupdate page.

Steps to reproduce:

1. Visit: about:tbupdate?javascript:alert(1)
2. Click on 'visit our website'

Because the page is a privileged one (given it cannot be opened from a normal web page), this XSS may lead to a more severe issue. I will post a reply if I find a way to do either of two things: first, finding a way to open privileged about: pages from normal content, and secondly, I will check to see if there are any privileged JavaScript functions I could execute to achieve a bigger issue.

Thank you
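The reproduction steps suggest that the page copies its query string into the target of the 'visit our website' link. The following is an added example, not part of the report and not Tor Browser's code: a scheme allow-list check that a privileged page could apply before using such a value as an href. The function names, the allow-list and the fallback URL are hypothetical.

```javascript
// Added example: hypothetical helper names, not Tor Browser source code.
// Assumption: the link target is taken from the text after "?" in the page URL.

const ALLOWED_SCHEMES = new Set(["https:"]);
const FALLBACK_URL = "https://example.invalid/"; // constructed placeholder

// Pattern consistent with the report: the query string is used as the href as-is,
// so "javascript:alert(1)" becomes a clickable script URL in a privileged page.
function linkTargetUnsafe(pageUrl) {
  const i = pageUrl.indexOf("?");
  return i === -1 ? FALLBACK_URL : pageUrl.slice(i + 1);
}

// Hardened form: parse with the WHATWG URL parser and accept only allow-listed
// schemes. Comparing the parsed protocol (instead of a string prefix test)
// handles mixed case and the whitespace/tab/newline stripping the parser performs.
function linkTargetSafe(pageUrl) {
  const raw = linkTargetUnsafe(pageUrl);
  let parsed;
  try {
    parsed = new URL(raw); // throws on relative or malformed input
  } catch (e) {
    return FALLBACK_URL;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : FALLBACK_URL;
}

// Constructed sample inputs, including obfuscated spellings of the same scheme.
const SAMPLES = [
  "about:tbupdate?javascript:alert(1)",
  "about:tbupdate?JaVaScRiPt:alert(1)",
  "about:tbupdate?java\tscript:alert(1)",
  "about:tbupdate?data:text/html,<b>x</b>",
  "about:tbupdate?https://example.org/changelog",
  "about:tbupdate",
];

function demo() {
  return SAMPLES.map((s) => ({ input: s, href: linkTargetSafe(s) }));
}

console.log(demo());
```

Setting the value through an allow-list like this keeps `javascript:` and `data:` targets out of the link regardless of how the scheme is spelled.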
Report Stats
  • Report ID: 253076
  • State: Closed
  • Substate: resolved
  • Upvotes: 42