Subject: Re: mozilla-1.0.rc1,1 is forbidden
To: None <netbsd-help@netbsd.org>
From: Per-Olof Pettersson <netbsd-help.netbsd.lists@peope.net>
List: netbsd-help
Date: 05/06/2002 11:59:39
paul beard wrote:

> mozilla-1.0.rc1,1 is forbidden: malicious Web servers can upload 
> files--see http://sec.greymagic.com/adv/gm001-ns/ or 
> http://www.heise.de/ct/browsercheck/n6demo1.shtml
> I'm not sure of the risk here: the demo shows me I can read local 
> files, but I knew I could do that. Am I missing something?

This is actually very serious.
Consider a form, a textfield and a script-initiated submit.

Naturally you are safe if the data does not receive the server as in the 
demo.

Per-Olof Pettersson