Mozilla Flaw Lets Links Run Arbitrary Programs: "Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the 'shell:' scheme, which execute arbitrary code under Windows without the user having to click a link." - This flaw is mainly due to Windows, rather than Mozilla/Firefox - but they've patched it anyway. (patch here)