* Reading user's cache and accessing information such as passwords, credit card numbers.
* Reading info about the Netscape's configuration ("about:config"). This includes finding user's email address, mail servers, the encoded mail password (it must me saved and may be decoded). This allows reading user's email.
The more dangerous part is that this vulnerability MAY BE EXPLOITED USING HTML MAIL MESSAGE.