There is a good write up from Armin Sebastian on a vulnerability in Adblock Plus 3.2 which can allow for arbitrary code execution under certain conditions. There $rewrite filter option is the source of the problem and several conditions must be met in order for an attack to be possible. uBlock Origin is not susceptible to this vulnerability. For detailed analysis and mitigation please see: