If the client side javascript can scan localhost, I guess that NAT firewall isn't too much use against browser-based attacks.
If the client side javascript can scan localhost, I guess that NAT firewall isn't too much use against browser-based attacks.