CNET también está disponible en español.

Ir a español

Don't show this again


Netscape fights browser bug

The company is moving to patch a security hole in Communicator that exposes a variety of information on users' hard drives.

Netscape is moving to patch a browser security hole that exposes a variety of information on users' hard drives, the company said today.

The bug in Netscape Communications' Communicator browser can reveal the content of HTML files, cache, and browsing directories.

The bug exposes only parsed HTML files, meaning that it reveals only what the Web page visitor would see and not the underlying source code.

The hole involves Communicator's implementation of JavaScript, the firm said. JavaScript is a scripting language developed by Netscape for automatically presenting Web content without user interaction.

Netscape said it was working on a fix for the bug and that it had awarded Bulgarian bug hunter Georgi Guninski a $1,000 bounty for discovering it. Guninski discovered another JavaScript security bug last month.

Affected Communicators include versions 4.5 for Win95 and 4.08 for WinNT, according to Guninski. Guninski posted a demonstration of the bug on the Web and recommended disabling JavaScript as a workaround.

Netscape noted that an exploitation of the hole has not been reported yet.