Hi,
The same security hole, exists in MSIE too, with one restriction: url can't
start with file:. But still the applet from outside site, can access you
intranet servers including ftps and ALL sites you have access to. The
demonstration of the bug is here:
Thanx, Alexey.
PS: The applet was tested on WinNT 4.0sp5 with Internet Explorer both 5 and 5.5
versions.