It may be possible to exploit this if a user download and execute an applescript, i think not directly from a website cause if from a website it would be an XSS, right? -- Luchino - Samel "Close the world,txen eht nepo!" "Yuo will never break my mind!" On Mon, 14 May 2007, mailbox@martinelli.com wrote: > It may be possible to exploit this by simply accessing a malicious > website, but I have not tested this. > > Anyone willing to give it out a shot? > > Thanks, > John Martinelli > > redlevel security > redlevel.org - security training, consultation, and more. >