There is a design flaw in the way Netscape Communicator 4.51/Win95 handles bookmarks (I guess all 4.x versions are vulnerable).
This allows at least browsing local directories, reading local files and sending them to an arbitrary server. There are probably more serious exploits.
The bug is triggered if the user bookmarks a specially designed "javascript:" URL, later opens a local file and then chooses the bookmark.

For more info, check the security advisory.
Demonstration:
Browsing directories
Reading AUTOEXEC.BAT
Workaround: Disable JavaScript or do not bookmark untrusted pages.
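To check bookmarks that have already been saved, the following added example (not part of the original advisory) lists every entry in a Netscape bookmark file whose URL uses the "javascript:" scheme, so it can be reviewed or deleted. The sample bookmark data is constructed, and the names `url_scheme`, `BookmarkAuditor` and `audit_bookmarks` are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample in Netscape's bookmark-file format (not from the advisory).
SAMPLE_BOOKMARKS = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
    <DT><A HREF="http://example.com/" ADD_DATE="927000000">Example</A>
    <DT><A HREF="javascript:void(0)" ADD_DATE="927000001">Handy tool</A>
    <DT><A HREF="  JaVa&#9;Script:void(0)">Obfuscated scheme</A>
    <DT><A HREF="http://example.org/?q=javascript:">Harmless query</A>
</DL><p>
"""

def url_scheme(url):
    # Deliberately lenient: drop all whitespace and control characters first,
    # so padded or split spellings of the scheme are still recognised.
    cleaned = "".join(ch for ch in url if ord(ch) > 0x20)
    return cleaned.split(":", 1)[0].lower() if ":" in cleaned else ""

class BookmarkAuditor(HTMLParser):
    """Collects (title, href) for every bookmark whose URL is javascript:."""
    def __init__(self):
        super().__init__()
        self.findings = []
        # _href holds the href of the <A> currently open, if any.
        self._href, self._title = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lower-cases tag and attribute names
            self._href = dict(attrs).get("href") or ""
            self._title = []

    def handle_data(self, data):
        if self._href is not None:
            self._title.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            if url_scheme(self._href) == "javascript":
                self.findings.append(("".join(self._title).strip(), self._href))
            self._href = None

def audit_bookmarks(text):
    parser = BookmarkAuditor()
    parser.feed(text)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for title, href in audit_bookmarks(SAMPLE_BOOKMARKS):
        print(f"javascript: bookmark {title!r}: {href!r}")
```

To audit a real profile, pass the contents of the user's bookmark file to `audit_bookmarks` instead of the sample.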