On Thu, 13 Nov 2003 01:08:06 PST, Gadi Evron <[EMAIL PROTECTED]> said:
> HTML _is_ plain-text. > Just because the server sends it as plain text doesn't mean the browser > won't execute it. > > It does. Well.. sure... a .JPG might have some executable code in it, right? :) At least this time they're improving. They're executing plain text that was called .jpg. Last time, they executed javascript that was in the comments field of an actual jpg.
pgp00000.pgp
Description: PGP signature
![Re: [Full-Disclosure] new worm - "warm-pussy.jpg".](/search?l=full-disclosure@lists.netsys.com&q=subject:%22Re%5C%3A+%5C%5BFull%5C-Disclosure%5C%5D+new+worm+%5C-+%5C%22warm%5C-pussy.jpg%5C%22.%22&o=newest){kind=link}
