diff --git a/lib/layout/edtbuf.cpp b/lib/layout/edtbuf.cpp
index c0225c840fa..0fa8bbb744a 100644
--- a/lib/layout/edtbuf.cpp
+++ b/lib/layout/edtbuf.cpp
@@ -13832,8 +13832,14 @@ NORMAL_PASTE:
 
 #if defined(ENDER) && defined(MOZ_ENDER_MIME)
 
-            if( m_bEmbedded )
-                AddImagesToSafeList(pElement);
+            // Commented out because of possible security hole. We don't want
+            // to allow users to accidentally copy and paste something like
+            // this:
+            //
+            //    <IMG SRC="file:/etc/passwd">
+            //
+            // if( m_bEmbedded )
+            //     AddImagesToSafeList(pElement);
 
 #endif /* ENDER && MOZ_ENDER_MIME */