[guispeak] Critical Flaw Found in Netscape Browser

  • From: "Chris McMillan" <chrismcmillan@xxxxxxxxxxxxx>
  • To: <guispeak@xxxxxxxxxxxxx>
  • Date: Wed, 27 Apr 2005 14:13:09 -0400


Critical flaw reported in Netscape
IDG News Service 4/27/05

Scarlet Pruitt, IDG News Service, London Bureau 

A "highly critical" unpatched vulnerability in the Netscape browser could
potentially allow hackers to compromise Internet users' systems, according
to an advisory from a Danish security firm.

The buffer overflow vulnerability could cause the browser to crash. In
addition, hackers could create Web sites to exploit the flaw, executing code
of their choice on visitors' computers to gain access to users' systems,
security company Secunia warned.

The vulnerability has been confirmed in Netscape version 7.2 and has been
reported in version 6.2.3, according to the advisory, released late Tuesday.
Other versions may also be affected, it said.

The vulnerability is related to a previously reported flaw in the Mozilla
browser, which shares some code with Netscape, Secunia Chief Technology
Officer (CTO) Thomas Kristensen said Wednesday. The Mozilla vulnerability
has already been patched, he said. 

"It's been a while since Netscape has been patched so there's reason to be
concerned," Kristensen said. It is a severe problem because there is no
effective work-around, he added. 

Responding to a call later Wednesday, Netscape said it is advising users to
upgrade to version 8.0 of the browser.

"That version is based on Firefox and should not be affected by the issue,"
said company spokesman Andrew Weinstein. Netscape 8.0 has been out for
several weeks and is in a "late beta," he said.

Scarlet Pruitt is U.S. correspondent for the IDG News Service.

No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.10.3 - Release Date: 4/25/2005

** To leave the list, click on the immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** guispeak-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:guispeak-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** guispeak-request@xxxxxxxxxxxxx with the Subject:- faq

Other related posts:

  • » [guispeak] Critical Flaw Found in Netscape Browser