Brown Orifice HTTPD exploits a nasty hole in the Java security model and the JVM in Netscape Communicator. It’s an applet that runs a Web server on your local machine when the browser executes it, and sends arbitrary files to people who request them. You can now feel free to turn off Java in your browser.