If you READ the posting and paper I pointed to, you'll see that with *perfectly* *valid* URLs and HTML form value contents it it possible to carry out FTP commands using mozilla as the source of the attack.
Here is a link to the CERT warning about this vulnerability: http://www.kb.cert.org/vuls/id/476267 This is a vulnerability and mozilla's is currently the best way of protecting against this. If you can come up with a better way of fixing this vulnerability that doesn't reduce mozilla's useability even more, or degrade the functionality of HTML forms then I will donate another $10 to mozillaZine.org David Illsley
