However, some users will have to upgrade their older browsers to patch the flaw, Netscape said.
The fixes posted today are in the form of a new version of Communicator, the latest iteration of the popular Navigator browser. The 4.01 release comes in a basic, complete, and professional install. The "smart update" option, a much smaller download that contains only files that need updating, will be available tomorrow, according to Netscape group product manager Daniel Klaussen.
Release 4.01 is only for Windows 95 and NT; the security hole is also present in older 2.x and 3.x versions of Navigator. According to an email Netscape sent today to its channel partners, the release of Communicator for Macintosh and Windows will ship next week with the security problem solved. A fix for Navigator 3.0 is due in July.
The company also warned that it would not fix Navigator 2.x. Instead, it recommended that users upgrade to later versions of the browser.
The Navigator bug was found by Christian Orellana, a Danish software programmer who insisted on fair compensation for his discovery, a undisclosed sum that was much larger than the typical $1,000 that Netscape offers to bug finders as part of its "Bugs Bounty" program.
When Netscape refused to meet his demands, Orellana demonstrated the hole to two media outlets, and the story hit the headlines last week just as Netscape was winding up its annual developer conference. The company was able to reconstruct the problem without Orellana's help, and the programmer will get no compensation at all, it said last week.
Netscape said yesterday that it would post the fix by tomorrow. The software was available on the company's FTP site late last night but has not yet been publicized yet. Many users who have already downloaded the software first found out about the posting on Usenet newsgroups.
For an alternate download site, visit DOWNLOAD.COM.