Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
https://bugzilla.mozilla.org/show_bug.cgi?id=367428
http://www.securityfocus.com/archive/1/470500/100/0/threaded