1.0.4 is the proof I needed to escalate this again.
IE made this mistake earlier on and I didn't want to go to the burden to write a proof of concept and that's why I posted my original not only in the java but also in the security newsgroup. I've kept quiet until the patch got distributed, but http://secunia.com/advisories/15292 was exactly what I was thinking of when writing my original post.
Those are Java-SCRIPT exploits. Absolutely no relation to Java except the name (dreamt up by some Netscape marketing person long ago).
You're in luck, there are any number of extensions which give you control over javascript per site. Turn it off globally, and then turn it on for specific sites as needed.
-Dan Veditz
_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
