New bugs were discovered in Netscape's implementation of Java has been found which allows a remote site to read any file on the client machine and to set up a Java server which anyone can connect to. Brown Orifice HTTPD starts a Java server which allows others to read files on your machine. Demonstration available here.
831fa6c34ab874498d63a79e305ac506b48fd570f2b5cee4f27851cbe3f12543
More Netscape vulnerabilities. It's still possible to inject foreign JavaScript code into arbitrary documents.
420465036619dccd8197fe1bcd6b12838cbb403be7dff5c6e4014a31f5d28a6d