Netscape Communications today acknowledged that its Communicator Web browsing software was vulnerable to a frame-spoofing exploit. Vulnerable browsers let one Web site insert its own frames into a third-party site in the window of a surfer who visits both sites.
The trick poses risks to unsuspecting users who might forfeit credit card or other private information when visiting a trusted Web site. The exploit also can be implemented through email.
Browser maker Opera Software said it had long protected users against frame-spoofing. But today the company acknowledged minor problems with its frame implementation, and said it would be fixed in the next minor-point release of the browser, version 3.52, expected later this month.
The problem with the Microsoft and Netscape browsers is that they allow the manipulation of frames across domains. With the new patch, IE restricts the writing of frames to a single domain. Opera's browser is even stricter, and for the past year has restricted frame-writing to pages originating from the same Web server.
Netscape said it had verified that Communicator was susceptible to the exploit, and that it was beginning to work on a solution.