A page describing the problem was posted to the Web this week by programmer Dan Brumleve. Brumleve recently discovered and demonstrated two Navigator privacy bugs, both of which revealed users' cache, browsing history, and other information.
The present bug allows a malicious programmer to flood the browser's MIME-type memory and cause the application to crash. Brumleve suggests that malicious code could then be caused to run on the victim's computer, but Netscape said no such exploit has been demonstrated.
The attack is launched when the user tries to download an attacker's plug-in. Netscape suggests that Unix users using Navigator work around the problem by setting preferences to present a warning before the plug-in can be downloaded: Under application preferences, users should select unknown plug-ins (denoted by an asterisk), select the "edit," button, and set it to "unknown:prompt user."
Netscape said it would post a security alert on the bug today and that it was working on a fix. But Communicator product manager Micki Seibel said that, unless the company finds evidence that the hole has effectively been exploited, no special release of a patched browser would be issued ahead of schedule.
The bug affects versions 3.x, 4.0x, and 4.5 of the client for users on the Unix platform only.