Hi,
i was reading around the web about vulnerabilities like the Universal PDF XSS (linked below)

http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/

and i was thinking how to use this kind of vuln (where an attacker is able to execute arbitrary javascript code in a security zone different from the internet security zone) to do more.

I already know that with a simple XMLHttpRequest i'm able to upload files to a remote server and i already know that if the victim is using IE i can use vbscript/activex to obtain remote code execution.

But what can i do if the victim browser is Safari/Chrome/Opera to obtain remote code execution/download arbitrary files to the victim pc???

PDF is joke, unless they haven't turned of Javascript in PDF, it's almost too easy. I don't even bother to look into PDF exploits, it's like launching Java applets; no brains involved. You don't even need an exploit, just ask permission to launch it. That's it.

mmm... but my question was another one: i linked the pdf vulnerability just as an example.

You must find an exploit of the browser for that which would be quite serious, XSS is just for javascripting and usually not very useful.

/facepalm

Let's assume that i found a vulnerability that allow an attacker to execute arbitrary javascript code in the local security zone of a web browser. If this vulnerability was found inside Internet Explorer i can use Activex/vbscript to obtain code execution/download arbitrary files. But what i can do if this kind of vulnerability is found in a browser like Mozilla Firefox/Google Chrome/Safari/Opera?

I know that is possible to use XMLHttpRequest to upload arbitrary files to a remote server but what else?

stuff on the website itselft. Like get his cookie or post forms without captcha.