While I don't have an immediate exploit, attackers tricking a user to start applications does feel like in should be classified as a security bug.
I've _never_ gotten asked what application to start for a given uri scheme.
While I don't have an immediate exploit, attackers tricking a user to start applications does feel like in should be classified as a security bug.
I've _never_ gotten asked what application to start for a given uri scheme.