睡醒就看到 CERT 的安全通告:Mozilla Firefox fails to properly handle JavaScript onUnload events:
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
沒事不要亂逛網站... :o
昨天出來的 2.0.0.2 也沒有修正 :~
我本來不太裝 extension/plug-in 的,現在都裝 NoScript 了。