Netscape Communications thought it had plugged the hole, first reported by Bell Labs, in releasing a new version of Navigator 3.02, but a similar bug based on the same design flaw continues to affect the updated software.
Netscape representatives today acknowledged that the latest variation of the bug, which produces the same results as the Bell Labs bug, still affects the updated 3.02 software.
The variation is demonstrated on Dan Brumleve's "Tracker" Web site. Tracker affects the updated Navigator 3.02 for Windows, Mac, and Unix, but it does not appear to affect Communicator, according to Brumleve, Anupam, and Dave Rothschild, Netscape's director of marketing for client applications.
However, Communicator on all platforms is still vulnerable to the method of attack discovered by Anupam, and a new version will be posted next week, Rothschild said today.
The hole also affects Windows 95 and NT versions of Explorer. The company will issue a software patch next week to fix its existing browser and will include a fix in the next beta of Internet Explorer 4.0, due out later this month, according to product manager Kevin Unangst.
Netscape is examining the code that Brumleve wrote to exploit the flaw but hasn't announced any further fix.