Cloning to JSON fails for objects defined in context of the page and implementing `toJSON()`
Categories: Remote Protocol :: Marionette, defect, P3
Tracking: Not tracked
People: Reporter whimboo, Unassigned, NeedInfo
References: Blocks 2 open bugs
Details: Whiteboard [webdriver:backlog]
The following test fails in Marionette if not executed in the system sandbox. The reason is that the value within the internal JSON clone algorithm would need waived XRays:

    def test_shadow_dom(self):
        # The returned object is created in the content page and carries its
        # own toJSON(); the harness is expected to honour it during serialization.
        result = self.marionette.execute_script("""
            return {
              toJSON() {
                return ["foo", "bar"];
              }
            };""")
        self.assertEqual(result, ["foo", "bar"])
Given that this is untrusted code, the question is which measures we should apply to safely serialize such an object without allowing an attack vector.
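As an added illustration of the "safe serialization" question (example code, not Marionette's own clone algorithm): a JSON clone that honours an object's toJSON() but treats its return value as untrusted input, so only plain JSON data ever reaches the caller. The Xray/sandbox boundary is not modelled, and the MAX_DEPTH limit and the cloneFromPage helper are assumptions of this example.

```javascript
// Added example, not Marionette's own JSON clone algorithm: serialize an object
// whose toJSON() is untrusted page code, yielding only plain JSON data.
// The Xray/sandbox boundary from the bug is not modelled here; MAX_DEPTH is an
// assumption of this example, not a Marionette setting.
const MAX_DEPTH = 64;

function cloneToJSON(value, depth = 0) {
  if (depth > MAX_DEPTH) {
    throw new Error("cloneToJSON: nesting too deep (recursive toJSON()?)");
  }
  if (value === null) return null;
  const t = typeof value;
  if (t === "string" || t === "boolean") return value;
  if (t === "number") return Number.isFinite(value) ? value : null;
  if (t !== "object") return null; // undefined, function, symbol, bigint: no JSON form

  // Honour toJSON(), but treat its return value as untrusted input: it goes
  // back through this same routine, so a function or a chain of toJSON()-bearing
  // objects never reaches the caller unsanitized.
  if (typeof value.toJSON === "function") {
    let replacement;
    try {
      replacement = value.toJSON();
    } catch (e) {
      throw new Error("cloneToJSON: toJSON() threw: " + String(e));
    }
    if (replacement !== value) return cloneToJSON(replacement, depth + 1);
    // toJSON() returned the object itself: fall through to a structural copy.
  }

  if (Array.isArray(value)) {
    return value.map((item) => cloneToJSON(item, depth + 1));
  }
  // Plain object: own enumerable string keys only, nothing from the prototype.
  const out = {};
  for (const key of Object.keys(value)) {
    const prop = value[key]; // note: may run an untrusted getter
    const pt = typeof prop;
    if (prop === undefined || pt === "function" || pt === "symbol") continue; // as JSON.stringify
    out[key] = cloneToJSON(prop, depth + 1);
  }
  return out;
}

// The object from the bug report's test, constructed here as sample input.
const pageObject = { toJSON() { return ["foo", "bar"]; } };
function cloneFromPage() { return cloneToJSON(pageObject); }
```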
Comment 1 • 2 years ago (Reporter)
The underlying problem here should definitely be something around waiving XRays because the object that we are evaluating is living in a different sandbox. Other browsers pass the tests for Execute Async Script and Execute Script.
It's still interesting why only async script execution is affected.
Whenever we have to use waiving XRays we should make sure that we do not expose any security issue. A web site could have a custom defined toJSON() method on an object and that should not allow it to escape and even reach chrome scope.
I'll have to do a bit more investigation but so far it's not blocking.