WillemM wrote:

Isn't this a good reason to throw out the old implementation of javascript and start with a new one, that doesn't have these flaws?

I'd rather hear that it is impossible to patch from a FF dev rather than the hacker, given the fact they are not oblivious of the effects of over-generalisation (IE is insecure blah blah) then they may also be prone to overexageration.