An Italian security researcher has discovered that the popular Mailbox app for iPhones and iPads will execute *any* Javascript which is present in the body of HTML emails, opening the door for exploitation.