Both Netscape and Microsoft have been working with Consumer.net owner Russ Smith to determine why his server logs were showing users' cookie information--including passwords and mailing addresses--from other sites.
Web sites place cookies on visitors' hard drives to keep track of information such as passwords, credit card numbers, and past purchases. Normally, a Web site would only be able to glean information from the cookie it placed on the visitor's hard drive. But Smith noticed in his server logs cookie information from other sites as well.
According to Netscape, the problem appears to stem from corrupted cookie files rather than any glitch in the browser or server software. The files Smith showed Netscape are missing a line-feed or carriage return command at the end of some cookie entries, causing the server to keep reading after it normally would stop.
Netscape stressed that its findings so far were preliminary, and that the problem was rare.
It remains unclear how the cookie files are getting corrupted. Netscape noted that the most common causes of file corruption are system crashes or instances when users turn off the computer without first shutting down the operating system.
Users concerned that their cookie information might be spread where it shouldn't be can disable cookies under their browser preferences. Alternately, they can periodically delete the cookies.txt file. This will require them to reenter all their login and other information when visiting sites that normally rely on cookies to keep track of it.