> I don't know about deliberate inclusion of the security hole - it looks
> more to me like "careless". Feels like it just "was not thought to be
> a danger of any kind to security"... (Does the word TITANIC mean anything to
> you?)
the builders of the titanic didn't know that certain kinds of steel
become brittle at cold temperatures.
otoh, the developers of this user agent knew, or should have known,
the risks of executing code of unknown origin. they have been
understood for a long time. they were discussed during development
of the MIME standard. the MIME specs have required content-types to
document known security risks since the early 1990s. other email-borne
viruses have used similar mechanisms to this one to propagte themselves.
Keith
