Stefan Esser posted about a security flaw in Adobe reader’s plugin which enables doing XSS attacks. I was trying it with FF2.0 and Adobe Reader 8.0 but didn’t work; just got alerted with a message says “the operation isn’t allowed”. I think that this problem was fixed in Adobe Reader 8.0 as some people tryed this with older versions and just worked. maybe these people will need to disable the use of the Adobe Reader’s plugin in their browsers.