Ralf Hueskes discovered a major Internet Explorer 4.0 security hole
that apparently makes it possible "to spy on the contents of any
text and HTML files on somebody else's computer" using dynamic
HTML. He says, "Not only local files are in danger, but also data
on your company's intranet - even if it is protected by a
firewall." A c't article has more details and notes that the
MSIE 4 pre-release for the Mac OS apparently isn't affected.