Friday, May 20, 2005

New super-safe Netscape squashed by bugs

Matthew Broersma writes in

Netscape has published a security update to its Netscape 8 browser fixing more than 40 security holes, just hours after the browser's official launch.

Version 8 of the browser is the first major update to the browser since 2002 and includes a number of new security features designed to protect users from remote attacks and malicious websites. It is based on the increasingly popular open-source Firefox browser, but didn't include any of the security patches released in Firefox 1.0.4.

"The browser is like a hybrid car that combines the usability of Internet Explorer with the security of Firefox," Andrew Weinstein, a spokesman for AOL/Netscape, told Reuters. Critics have pointed out however that the initial release combines the security vulnerabilities of both browsers.

The unpatched vulnerabilities - fixed in Firefox back in March - include a bug in the handling of gif images that could allow an attacker to run malicious code on a user's system. The vulnerability could be exploited by, for example, luring users to a site displaying specially crafted images.

The unpatched holes led to the release of Netscape 8.0.1 a few hours after the release of version 8.0. The update includes the Firefox 1.0.4 security fixes, according to Netscape. Netscape's advisory is available here.


Post a Comment

<< Home