Javascript could lead to an exploit. It certainly does in IE and FireFox. I'm not sure how the sytem works underneath tho, it seems like that apps only get access to certain system resources depending on how they are run, kinda like root? I dunno I'm a nub. As far as media files etc, I think that would have less to do with the browser and more to do with what lib's and codecs they use. If you can find a buffer overflow in the code that handles the media, that would be the key...assuming that code has access to unprotected system resources. I'm not too faimiliar with how to look for buffer overflows or how to design the "egg" once it is found, I'll have to do some looking. Anyone know where the nitty gritty specs of the psp os can be found?