Review code in nsExternalHelperAppService.cpp or nsExternalProtocolHandler.cpp to make sure another process cannot start a third party application that it shouldn't be able to. In particular perhaps via the search charm which another Metro app (running as integrity level: app container) could start the Metro browser which is run as a medium integrity level process.

Searches all pass through FrameworkView::PerformSearch, which takes converts all keywords to quoted strings and pas them through command line runner with the search parameter. http://mxr.mozilla.org/mozilla-central/source/widget/windows/winrt/MetroContracts.cpp#294 I don't see any way for this to trigger 3rd party application launch. For downloaded files we pass everything through the download manager just like we do on desktop. File handling sometimes calls shell execute if the user asks us to run. But we prompt for permission first for executable content, just like desktop. So again, no issue here afaict. For uris, we validate everything through winrt's IUriRuntimeClass, so nothing is going to pass through there that isn't a valid format. Overall, not seeing any issues with our handling here.

Could anyone please give guidance in order for the QA to verify this?

Nothing to do here, this was a dev specific task about inspecting behavior looking for issues. No changes were made to the product.