Paul Wagenseil :
spikey in tn :
Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?
Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.
Perhaps I didn't sufficiently differentiate between whether JavaScript was an innocent carrier or an active participant. Regardless of which ultimately proves to be the case, one thing is certain - JavaScript is in the middle, whether actively or passively, of far too many attacks of all kinds. To me it has proven to be a hacker's dream because of how well it serves their purposes.