Netscape fixes Communicator bug
Netscape Communications releases Communicator 4.01a, an update to the software suite that fixes a JavaScript security hole but does not include push channels.
Netscape acted quickly to fix the 3.x versions of its browser last week after at least two people independently of each other discovered two JavaScript flaws that let Web designers read anything an unsuspecting surfer types within the browser, including credit card numbers, search queries, and URLs. (See related story)
The second JavaScript bug does not affect Communicator, but it still affects the 3.x browsers despite a patch issued last week. Netscape is working to counter this so-called tracker bug and will have a new 3.02 version available starting next week, according to Dave Rothschild, director of client product marketing.
Rothschild also denied that there was a larger flaw in JavaScript. "They're two different bugs and we patched them," he said. "If there were a larger issue, we wouldn't be able to patch them. There's no design flaw in JavaScript. It's not writing to your hard drive.
"We think we've gone through and cut off any bugs related to these exploits."
Today's release patches the browser component of Communicator. The first bug was discovered by a researcher at Bell Labs and reported last month to Netscape, which invented JavaScript.
The flaw also affects 2.x versions of Navigator, but Netscape will not fix these versions. As with previous security flaws, the company advises users to upgrade to newer versions.
The Communicator update is available later today for Windows 3.1, Windows 95, and NT on Netscape's FTP site as well as CNET's BROWSERS.COM.