http://security.itworld.com/4341/050427netscapeflaw/pfindex.html

Critical flaw reported in Netscape

IDG News Service 4/27/05

Scarlet Pruitt, IDG News Service, London Bureau

A "highly critical" unpatched vulnerability in the Netscape browser could potentially allow hackers to compromise Internet users' systems, according to an advisory from a Danish security firm.

The buffer overflow vulnerability could cause the browser to crash. In addition, hackers could create Web sites to exploit the flaw, executing code of their choice on visitors' computers to gain access to users' systems, security company Secunia warned.

The vulnerability has been confirmed in Netscape version 7.2 and has been reported in version 6.2.3, according to the advisory, released late Tuesday. Other versions may also be affected, it said.

The vulnerability is related to a previously reported flaw in the Mozilla browser, which shares some code with Netscape, Secunia Chief Technology Officer (CTO) Thomas Kristensen said Wednesday. The Mozilla vulnerability has already been patched, he said.

"It's been a while since Netscape has been patched so there's reason to be concerned," Kristensen said. It is a severe problem because there is no effective work-around, he added.

Responding to a call later Wednesday, Netscape said it is advising users to upgrade to version 8.0 of the browser.

"That version is based on Firefox and should not be affected by the issue," said company spokesman Andrew Weinstein. Netscape 8.0 has been out for several weeks and is in a "late beta," he said.

Scarlet Pruitt is U.S. correspondent for the IDG News Service.