It still has to get on the box, which means another 0-day in the browser or other app, then it has to get around DEP, ASLR, etc. It'll probably just crash the browser if it tries. Unless the user gets ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback