[ Thanks to
Nicholas Donovan for this link. ]
“In the wake of last week’s revelation of a security hole in
Mozilla that allows the execution of arbitrary programs on the
client system a philosophical debate has emerged: Is this a bug in
Mozilla or a bug in Windows?“I think the argument is that Windows should prevent the shell
scheme from executing programs, but this isn’t a job for Windows.
This is a job for the browser. All Windows is doing in the case of
what was just patched in Mozilla is taking an instruction to run a
program and running it. If the browser didn’t ask for it, it
wouldn’t happen…”