Microsoft warns of cross-site scripting in Windows
]A security advisory from Microsoft warns of a Windows vulnerability which allows scripts to be injected into apparently trusted websites. It is reportedly caused by a bug in the MHTML handler in all currently supported Windows versions (Windows XP to Windows 7, including the corresponding server versions). The bug is in a Windows DLL. Of the common browsers, only Internet Explorer makes use of the affected DLL to display MHTML. Locally saved MHTML files (extension .mht or .mhtml) are, however, opened by default using Internet Explorer.
It is not BSD news, but many of us function as unpaid Windows administrator for relatives and friends .........
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump