A bug on Netscape 6 and Mozilla allow resumely edited pages to gain access to loacal files. The security hole, that was discovered from GreyMagic, is exactly the same as a fixed bug of Internet Explorer and Opera.
The security hole exist according to GreyMagic, all the versions of Netscape from 6.1 and greater and all versions of Mozilla from 0.9.7 and greater. GreyMagic has published the security hole a month ago and since now the two programmes (Mozilla and Netscape) haven't fixed that hole. Now, the only way to be protected somebody is to disable the Javascript.