New super-safe Netscape squashed by bugs
Matthew Broersma writes in Techworld.com:
Version 8 of the browser is the first major update to the browser since 2002 and includes a number of new security features designed to protect users from remote attacks and malicious websites. It is based on the increasingly popular open-source Firefox browser, but didn't include any of the security patches released in Firefox 1.0.4.
"The browser is like a hybrid car that combines the usability of Internet Explorer with the security of Firefox," Andrew Weinstein, a spokesman for AOL/Netscape, told Reuters. Critics have pointed out however that the initial release combines the security vulnerabilities of both browsers.
The unpatched vulnerabilities - fixed in Firefox back in March - include a bug in the handling of gif images that could allow an attacker to run malicious code on a user's system. The vulnerability could be exploited by, for example, luring users to a site displaying specially crafted images.
The unpatched holes led to the release of Netscape 8.0.1 a few hours after the release of version 8.0. The update includes the Firefox 1.0.4 security fixes, according to Netscape. Netscape's advisory is available here.