Newborn Netscape Has Defects
Netscape has updated its Netscape 8 Web browser after it learned that exploits plugged by the latest release of Firefox remained un-patched, leaving users of the one-day-old browser susceptible to attack and the possibility of a malicious user gaining complete control over their PC.
According to America Online, Netscape's parent company, misinformation from a third party security vendor was to blame for Netscape's Firefox foible. The vendor had incorrectly stated that the browser was immune to flaws disclosed by the Mozilla Foundation in three security advisories issued last week.
"Yesterday, after we received information that our vendor's report was not accurate, we addressed those remaining issues and posted an updated version of the browser within hours. We will always take immediate action to protect our users from security threats," said an AOL spokesperson.
The flaws were addressed by Firefox 1.0.4 shortly after the advisories were issued.
Lead Firefox engineer Ben Goodger criticized the slip up, stating, "If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products," in his personal Web blog.
Goodger encourages Internet users to use Firefox in lieu of Netscape, deeming it a more secure Web browser. To prove his point, Goodger published exploit code demonstrating Netscape's vulnerabilities.
Netscape is working on an update mechanism to push out version 8.01 of the browser, which protects users from the flaws, to its installed base of early adopters. In the interim, users may download the updated build directly from Netscape.
Ironically, the hallmark of the release was security. The browser toggles between the Internet Explorer and Firefox rendering engines automatically in response to compatibility and security needs and is fortified with new anti-phishing technologies including a trust rating system for Web sites.
Netscape 8.0 was released on Thursday. The updated 8.01 Netscape Browser is available at FireForum.