Bug exposes Communicators' surfing habits

AOL is working to fix a glitch that lets malicious Web site operators peer from one browser window into other open browser windows through the JavaScript console.

Paul Festa Staff Writer, CNET News.com
America Online has moved to fix a browser bug that lets a Web site operator spy on visitors' surfing.

The Communicator browser, which AOL acquired this month along with Netscape Communications, lets malicious Web site operators peer from one browser window into other open browser windows through the JavaScript console.

JavaScript is a scripting language developed by Netscape for executing actions on a Web page without user interaction. For instance, Web authors use JavaScript to create pop-up windows and forms. JavaScript is unrelated to Java, Sun Microsystems' cross-platform computer programming language.

The JavaScript console is a relatively new feature on Communicator. Added to the browser last August with version 4.06, the console consolidates JavaScript error messages in an off-screen window that users can pull up by typing "javascript:" into the address bar.

Prior to the introduction of the console, users would get a separate error message for every JavaScript coding glitch. In many cases, such as when a page was optimized for a particular browser, users would have to click through several of these error messages to see the page.

Since the console is built to gather information from every open browser window, the present exploit, discovered and demonstrated by Bulgarian bug hunter Georgi Guninski, uses it to pull together the URLs those open windows visit.

Guninski will glean a $1,000 bug bounty from the browser maker, as he has for numerous previous demonstrations.

AOL stressed that no similar exploits had been reported on the Web, and that concerned users could disable JavaScript as a temporary workaround. The company said it would implement the fix in its next release of the browser. The most recent release, version 4.51, fixed a number of bugs.