Comment: changed URLs to be reference this page

...

Consider an application that allows an organization's employees to access an external mail service via http://mailwebsite.com. The application is designed to deny access to other websites by behaving as a makeshift firewall. However, a crafty or malicious user can nevertheless access an illegitimate website, http://illegitimatewebsite.com, that is hosted on the same computer as the legitimate website and consequently shares the same IP address. Even worse, an attacker can register multiple websites (for phishing purposes) until one is registered on the same computer, consequently defeating the firewall.
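The failure described above, as an added example that is not part of the original page: a filter that treats two sites as equal when their hosts resolve to the same address, beside one that compares scheme, host name and port textually. The function names, the DNS table and its addresses are constructed for illustration, and the assumption that the filter compares resolved addresses is ours.

```python
from urllib.parse import urlsplit

# Constructed DNS table standing in for real resolution so the example runs offline.
# The first two names share one address, as virtual hosts on one machine do.
CONSTRUCTED_DNS = {
    "mailwebsite.com": "192.0.2.10",
    "illegitimatewebsite.com": "192.0.2.10",
    "elsewhere.example": "198.51.100.7",
}

ALLOWED_URL = "http://mailwebsite.com"
DEFAULT_PORTS = {"http": 80, "https": 443}


def resolve(host):
    """Hypothetical resolver: look the host up in the constructed table."""
    return CONSTRUCTED_DNS.get(host.lower())


def allowed_by_address(url, allowed=ALLOWED_URL):
    """Weak check: same site if both hosts resolve to the same IP address."""
    want = resolve(urlsplit(allowed).hostname or "")
    got = resolve(urlsplit(url).hostname or "")
    return want is not None and want == got


def _origin(url):
    """Return (scheme, host, port) with case folded and the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def allowed_by_name(url, allowed=ALLOWED_URL):
    """Stricter check: compare scheme, host name and port as text; no DNS lookup."""
    candidate = _origin(url)
    return candidate[1] != "" and candidate == _origin(allowed)


if __name__ == "__main__":
    for u in ("http://mailwebsite.com/inbox", "http://illegitimatewebsite.com/login"):
        print(u, "by address:", allowed_by_address(u), "by name:", allowed_by_name(u))
```
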

...