Opening Outlook by JavaScript in Firefox

I want to open Outlook from Javascript, it's for an internal application, nothing that will ever hit the web. The customer is using IE and Firefox and Outlook will be installed, security is not an issue.

"mailto:" just isn't sufficient in this case, since the requirement is that I need to attach a file to the mail, it seems that this cannot be done by using "mailto:" (found some old-ish forum entries, but nothing of what I tried worked and it seems that the mailto URL scheme doesn't officially support it). But, in IE I can use ActiveX:

var outlookApp = new ActiveXObject("Outlook.Application");

and then I can mess around with it, add a body, add attachments and so on, perfect.

Is something like this possible in any way in Firefox?

What I already knew was that tiddlywiki does some extraordinary things, in that it can save itself 开发者_如何学JAVAsomehow on the harddisk. So I looked at the source and found this:

netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");

Which, as I understand gives the Script access to the Browser API/XPConnect/XPCOM. But now I'm stuck. How would I actually open an Outlook object? Would this even be a working approach? I'm not sure. Maybe any other ideas? Any advice would be appreciated.

Update: ok, after some reading I think I can answer one of my questions with: No, this approach won't work, since the Mozilla API that's implementing XPCOM doesn't support anything like opening an external program. Still leaves the question: Any other ideas?

Answering my own question with this: Ignore the spec, it's a bad idea.

It could be solved with an ActiveX Plugin in Firefox, but actually it's far better to just not do something like that because of security issues, even if it is only an internal application. Some browser settings need to be changed to get something like that to work, which is risky. And finally, the spec contained a not-use-case here: "upon click of a button, open outlook to send an attached file via email". The stupid thing is, that there's actually nobody whom the employees would be allowed to send the file to, apart from other employees which can access the file in the internal network, so it's far easier (and can also be securily implemented) to just send a link to the file.