http://www.peacefire.org/security/jscookies/ If you have cookies and JavaScript turned on in Communicator 4.x, and you're running a profile named "default" (most Communicator 4.x installations are set up that way), a malicious Web site can read any HTML file on your hard drive (including the user's bookmark file and cache files). CNet has a write-up at: http://news.cnet.com/news/0-1005-200-1717169.html -Bennett bennett_at_peacefire.org http://www.peacefire.org (425) 649 9024 ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV@SecurityFocus.com with a message body of "SIGNOFF ISN".Received on Wed Apr 19 13:27 CDT 2000