Readers are advised that Guninski's demonstrations run automatically when you visit his pages. Following are descriptions of the latest problems:
This bug is exploited through a script that calls up the underlying source of a Web page. The trouble is that Communicator also allows the script to call up local files along with it, exposing local directories, cache, HTML files, configuration, email addresses, mail servers, and passwords. The vulnerability can be exploited through an HTML email; a demonstration is here.
Netscape sounded upbeat about its bug-fixing efforts, including the bounty program.
"We take all vulnerabilities seriously," a Netscape spokesperson said. "We're working closely with Guninski to fix these, and it's going well. We think the bug bounty is working very well."