Submission + - MIME sniffing vulnerability in Internet Explorer
Lars T. writes: "Heise reports that IE's MIME sniffing feature, intended to provide security against falsely identified file types (e.g. download and automatic execution of .hta files) can backfire and allow the execution of HTML and JavaScript from within images that are called directly via their URL. This especially becomes a problem for sites that allow users to upload images."