diff --git a/4chan_x.user.js b/4chan_x.user.js
index cf97ab4ef..e33689229 100644
--- a/4chan_x.user.js
+++ b/4chan_x.user.js
@@ -1538,15 +1538,17 @@
       return $.add(d.body, qr.el);
     },
     submit: function(e) {
-      var captcha, captchas, challenge, err, len, m, now, reply, response, _ref;
+      var bb, blob, captcha, captchas, challenge, err, m, now, reply, response;
       if (e != null) e.preventDefault();
-      if ((_ref = qr.ajax) != null) _ref.abort();
+      qr.message.send({
+        abort: true
+      });
       reply = qr.replies[0];
       if (!(reply.com || reply.file)) {
         err = 'Error: No file selected.';
       } else {
         captchas = $.get('captchas', []);
-        if (len = captchas.length) {
+        if (captchas.length) {
           now = Date.now();
           while (captchas[0].time < now) {
             captchas.shift();
@@ -1572,6 +1574,11 @@
         $.id('autohide').checked = true;
         qr.hide();
       }
+      if (engine === 'gecko' && reply.file) {
+        bb = new MozBlobBuilder();
+        bb.append(reply.file);
+        blob = bb.getBlob(reply.file.type);
+      }
       return qr.message.send({
         board: g.BOARD,
         resto: g.THREAD_ID || $('select', qr.el).value,
@@ -1579,7 +1586,7 @@
         email: reply.email,
         sub: reply.sub,
         com: reply.com,
-        upfile: reply.file,
+        upfile: blob || reply.file,
         mode: 'regist',
         pwd: (m = d.cookie.match(/4chan_pass=([^;]+)/)) ? decodeURIComponent(m[1]) : $('input[name=pwd]').value,
         recaptcha_challenge_field: challenge,
@@ -1628,7 +1635,11 @@
         return postMessage(data, '*');
       },
       receive: function(data) {
-        var form, name, url, val;
+        var form, name, url, val, _ref;
+        if (data.abort) {
+          if ((_ref = qr.ajax) != null) _ref.abort();
+          return;
+        }
         delete data.qr;
         if (data.mode === 'regist') {
           url = "http://sys.4chan.org/" + data.board + "/post?" + (Date.now());
diff --git a/script.coffee b/script.coffee
index 4782c4a64..8eb0dc0ea 100644
--- a/script.coffee
+++ b/script.coffee
@@ -1157,7 +1157,7 @@ qr =
 
   submit: (e) ->
     e?.preventDefault()
-    qr.ajax?.abort()
+    qr.message.send abort: true
     reply = qr.replies[0]
 
     # prevent errors
@@ -1166,7 +1166,7 @@ qr =
     else
       # get oldest valid captcha
       captchas = $.get 'captchas', []
-      if len = captchas.length
+      if captchas.length
         # remove old captchas
         now = Date.now()
         while captchas[0].time < now
@@ -1192,6 +1192,14 @@ qr =
       $.id('autohide').checked = true
       qr.hide()
 
+    if engine is 'gecko' and reply.file
+      # https://bugzilla.mozilla.org/show_bug.cgi?id=673742
+      # We plan to allow postMessaging Files and FileLists across origins,
+      # that just needs a more in depth security review.
+      bb   = new MozBlobBuilder()
+      bb.append reply.file
+      blob   = bb.getBlob reply.file.type
+
     qr.message.send
       board: g.BOARD
       resto: g.THREAD_ID or $('select', qr.el).value
@@ -1199,7 +1207,7 @@ qr =
       email:  reply.email
       sub:    reply.sub
       com:    reply.com
-      upfile: reply.file
+      upfile: blob or reply.file
       mode:   'regist'
       pwd: if m = d.cookie.match(/4chan_pass=([^;]+)/) then decodeURIComponent m[1] else $('input[name=pwd]').value
       recaptcha_challenge_field: challenge
@@ -1249,6 +1257,9 @@ qr =
       data.qr            = true
       postMessage data, '*'
     receive: (data) ->
+      if data.abort
+        qr.ajax?.abort()
+        return
       delete data.qr
       if data.mode is 'regist' # reply object: we're posting
         # fool CloudFlare's cache to hopefully avoid connection errors