The bug-battling efforts of Netscape Communications seem to be a case of cache-as-cache-can.
The company today confirmed another caching bug in its Web browser, the fourth in recent weeks.
The latest problem would allow a malicious Web site operator or email sender swipe the contents of a user's browser cache and directory files. Two demonstrations that do just that are posted to the Web; one will read your cache, and the other will read your directory.
The person who found the bug, Georgi Guninski, notified Netscape of the problem and will reap a $1,000 finder's fee for the discovery, Netscape said today in confirming the security hole.
The bug bears a striking resemblance to two others discovered by bug hunter Dan Brumleve. The first of those, dubbed Cache Cow, reveals cache contents and browsing history. Netscape patched that hole with version 4.07 of the Navigator browser.
Another recently discovered bug prevents Navigator from properly following Web sites' requests that the browser not cache certain pages. In some scenarios involving shared computers, that could lead to breaches of security with user names, passwords, credit card numbers, and other private information.