So-called Web "anonymizers" work by acting as proxies for Web surfers or by rewriting Web pages that users request. This prevents Web sites from gleaning any information, such as an Internet Protocol (IP) address, from the visitor or transmitting cookies to the client hard drive.
In two holes discovered by security maven Richard Smith, president of Phar Lap Software, users are either bounced out of their "anonymized" Web environment or have their IP address and host name revealed.
"We've tested the bug reported under [Microsoft's] Internet Explorer, and it does not exist with version 5.0," said Anonymizer president Lance Cottrell. "It doesn't work with Opera, either. Our feeling right now is that since Communicator is the only browser doing it, it's a Netscape bug."
Netscape said it was looking into the problem and could not immediately comment on it.
Cottrell said his company would implement a fix tonight. He also noted that the exploit Smith demonstrated is easy to detect, since the Anonymizer interface falls away as the user is bounced out of the anonymized environment.