Client-local data that is displayed in the browserwindow can be made available to the server byusing a redirect to a Javascript applet runningin the same window. This in effect bypassescross-domain security and makes the data availableto the applet, which could then send the data to ahostile server. This could allow a malicious website operator to read the contents of files onvisiting users' computers, if he or she knew the nameof the file and the folder in which it resided.The vulnerability would not allow the malicioususer to list the contents of folders, create,modify or delete files, or to usurp anyadministrative control over the machine.