Exploitation is trivial, as an attacker can host the
malicious code inside JavaScript
files served over a website the victim is accessing, add the
malicious code to email
file attachments, or send a boobytrapped
file to a victim via an instant messaging client.