The exploit/ leak test detailed here is apparantly able to bypass PG's execution protection Link removed as there are links from that page that are against the Wilders TOS - Thanks. Pilli The link showed a possible exploit using DDE Direct Data Exchange I have firefox permitted to start once only, yet the expoit code in the leak test is able to start firefox without alerting PG. (Yes, you have to allow the leak test to start first, but that's understood). Can someone confirm this behavior? And is TDS intending to fix this?