Severe XSS problem in Firefox:
<http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues> Apparently, Mozilla has known about it since February 2007, but hasn't made any progress on fixing it (read the comments). Because of the above public disclosure, Mozilla just made the previously undisclosed bug public: <https://bugzilla.mozilla.org/show_bug.cgi?id=369814> Get the NoScript plug-in, version 1.1.7.8 (currently a "development" version) in order to protect yourself when using Firefox: <http://noscript.net/getit#direct> - Bil