This issue has been discussed at length here: http://clearspace.openqa.org/thread/15533
This happens when running the IE HTA browser launcher.
Take a web page as simple as the following:
<html>
<script type="text/javascript">
function applicationValidate() { return window.location.href; }
</script>
</html>
It can do any number of operations but the key is that the web application under test uses the window.location.href object.
Then if you have a selenium test that runs the following
String script = "var win = selenium.browserbot.getCurrentWindow(); win.applicationValidate()";
String pageTitle = selenium.getEval(script);
You will get a permission denied error now, as of revision 2450 of Selenium RC, because of the change from the default iexplore target to the other hta mode target.
This is a Selenium Core bug because getEval currently runs a raw eval in the context of the HTA frame, which has limitations to access the window.location object. It should be run in the context of the application under test to have full permissions on that object.
Bug
Open
Critical
getEval currently runs a raw eval in the context of an HTA frame, but should do the eval in the context of the application under test instead (iehta bug)
Despite my flip remarks earlier, fixing this bug the way I described in the linked thread would have a drawback: you could no longer write an eval with elevated privileges... you'd HAVE to be within the application's reduced security context. That seems bad; I'm not sure how bad or what I think about it. I really don't want to make this any more complicated than it needs to be...