There is a security vulnerability in Netscape Communicator 4.6 on Win95 and 4.07 on Linux (probably all 4.x versions) in the way it handles "view-source:wysiwyg://1/javascript" URLs: it parses them in a "view-source" window. The problem is that this allows access to documents included in the parent document via ILAYER SRC="view-source:wysiwyg://1/" using find(), which makes it possible to read the whole parsed document.
Vulnerabilities:
Browsing local directories
Reading user's cache
Reading parsed HTML files
Reading Netscape's configuration ("about:config") including user's email address, mail servers and password.
Probably others

This vulnerability may be exploited by using an HTML email message.
Workaround: Disable JavaScript.
This demonstration tries to find your email address; it may take some time.

Written by Georgi Guninski
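
Because the advisory names HTML email as a delivery route, a mail gateway can flag messages whose markup loads a "view-source:" or "wysiwyg:" URL. The following is an added example, not part of the original advisory or of any Netscape code; the function names, the list of URL-bearing attributes and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# URL schemes named in the advisory; ordinary mail has no reason to embed them.
SUSPECT_SCHEMES = ("view-source", "wysiwyg")
# Assumed set of attributes that make a client load or follow a URL.
URL_ATTRS = {"src", "href", "background", "action"}


def leading_scheme(url):
    """Return the lower-cased scheme of url, ignoring embedded whitespace."""
    # Strip spaces, tabs and newlines that clients tolerate inside URLs.
    cleaned = "".join(ch for ch in url if ch > " ").lower()
    scheme, sep, _ = cleaned.partition(":")
    return scheme if sep else None


class SchemeScanner(HTMLParser):
    """Collects (tag, attribute, scheme) for every suspect URL attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values,
        # so "View-Source&#58;..." is seen here as "View-Source:...".
        for name, value in attrs:
            if name in URL_ATTRS and value:
                scheme = leading_scheme(value)
                if scheme in SUSPECT_SCHEMES:
                    self.findings.append((tag, name, scheme))


def scan_html(body):
    """Return the findings for one HTML message body."""
    scanner = SchemeScanner()
    scanner.feed(body)
    scanner.close()
    return scanner.findings


# Constructed sample message body (not taken from a real email).
SAMPLE = """<html><body><p>Quarterly report attached.</p>
<ILAYER SRC="view-source:wysiwyg://1/"></ILAYER>
<layer src=" View-Source&#58;wysiwyg://1/"></layer>
<a href="http://example.test/?q=view-source:x">benign link</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, scheme in scan_html(SAMPLE):
        print(f"suspect {scheme}: URL in <{tag} {attr}=...>")
```

Only the leading scheme is checked, so a query string that merely contains the text "view-source:" is not flagged.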