Inter-browser Communication
Cross-site scripting (XSS) models are commonly thought of as the server controlling the browser: all commands come from code residing on the server. This is not necessarily the case. One browser can directly or indirectly control or communicate with another. One method of browser-to-browser communication employs an intermediate web server.
Method
In this method, the intermediate server needs to satisfy two conditions: it needs a controllable persistent variable (user details, for example), and it must be vulnerable to non-persistent XSS. The browsers bounce information off it (explained further in the following paragraphs), using a hidden iframe to read and write data by performing requests to the intermediate server.
Reading
To read the information, the browsers periodically reassign the href value of the iframe so that it (re)loads a page from the intermediate server. The requests contain XSS exploit code that performs three actions. The first is retrieving the persistent variable from the loaded page. The second is constructing a URL pointing at the referrer (the parent frame) with the previously obtained persistent variable appended, possibly after the '#' character (to simplify later parsing). Finally, the XSS code performs a redirect to the constructed URL. From this point, the parent frame/window can access the document.location of the iframe without breaking the DOM security model. It is then trivial to extract the persistent variable (originally from the intermediate server) from the iframe's document.location.
Writing
Writing the persistent value on the intermediate web server is typically done through a simple GET request. In this case the iframe parent assigns the iframe href a URL along the lines of http://www.somesite.com/set.php?param=value.
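Seen from the intermediate server's side, both halves of this channel leave traces in the access log. The following is an added example, not code from the original page: it flags clients whose cross-site-referred GET requests repeatedly carry script markup (the read poll) or hit the write endpoint. The /profile.php path, the log format, the addresses and the assumption that browsers send a Referer header are constructed for illustration; /set.php and the host come from the example URL above.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

SITE_HOST = "www.somesite.com"   # host from the page's example URL
WRITE_PATH = "/set.php"          # write endpoint from the page's example URL

# Constructed combined-format access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:10:00:00 +0000] "GET /profile.php?q=%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E HTTP/1.1" 200 512 "http://other.example/a" "UA"
203.0.113.7 - - [10/Oct/2023:10:00:05 +0000] "GET /profile.php?q=%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E HTTP/1.1" 200 512 "http://other.example/a" "UA"
203.0.113.7 - - [10/Oct/2023:10:00:10 +0000] "GET /profile.php?q=%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E HTTP/1.1" 200 512 "http://other.example/a" "UA"
198.51.100.9 - - [10/Oct/2023:10:00:03 +0000] "GET /set.php?param=value HTTP/1.1" 200 20 "http://other.example/b" "UA"
192.0.2.5 - - [10/Oct/2023:10:00:04 +0000] "GET /set.php?param=mine HTTP/1.1" 200 20 "http://www.somesite.com/account" "UA"
192.0.2.8 - - [10/Oct/2023:10:00:06 +0000] "GET /profile.php?q=%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E HTTP/1.1" 200 512 "http://other.example/c" "UA"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'\d+ \S+ "(?P<ref>[^"]*)"')
# Coarse markers of reflected markup in a query string; tune for real traffic.
MARKUP_RE = re.compile(r"<\s*script|on\w+\s*=|javascript:", re.I)


def cross_site(referer):
    """True when the Referer names a host other than our own site."""
    host = urlsplit(referer).hostname
    return host is not None and host != SITE_HOST


def find_bounce_traffic(log_text, min_polls=3):
    """Return clients showing the read-poll or cross-site-write pattern."""
    polls, writers = Counter(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or not cross_site(m["ref"]):
            continue
        parts = urlsplit(m["url"])
        query = unquote(unquote(parts.query))  # decode twice: double encoding
        if MARKUP_RE.search(query):
            polls[m["ip"]] += 1                # framed page reloaded with markup
        elif parts.path == WRITE_PATH and query:
            writers.add(m["ip"])               # state changed via cross-site GET
    readers = {ip for ip, n in polls.items() if n >= min_polls}
    return {"readers": sorted(readers), "writers": sorted(writers)}


if __name__ == "__main__":
    print(find_bounce_traffic(SAMPLE_LOG))
```

Both patterns depend on the page being loadable in a third-party frame and on state changing through a GET request, so the same log fields also show where fixing the reflected XSS, refusing framing and requiring a non-GET, token-protected write would cut the channel.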
Conclusion
There is a mechanism for independent browsers to both read and write a shared variable. Hence, there is a channel that can be used for inter-browser communication.
The complexity of the XSS models increases. Not only does inter-browser communication allow for one-to-one communication, it can also be used one-to-many, allowing an increasingly complex communication structure to be built.
