yet another important message appeared at fd, but not at bugtraq:
http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html

it leads to:
http://www.mozilla.org/security/shell.html

you guys must monitor fd :-P

it cost me$$ N months to turn off codeBase - a similar issue in IE, but mozilla made it in less than 24 hours.

and, this proved drew's words at
http://umbrella.name/iebug.com/display-singlemessage.php?readmsg:bugtraq_message-2004070003

regards,

liudieyu
http://umbrella.name/