Netscape has released a series of fixes for serious security flaws in its browser and, incredibly, listed a further 10 that
it has yet to patch.
The Netscape 8.0.3.1 update repairs the most serious security flaws in Firefox, on which Netscape is based, the company said.
But it also stated that the current version of Netscape 8 also contains 10 other flaws that will be fixed in the coming weeks.
The company said it wanted to fix the most serious flaws first. Of those more serious holes, one involves the way external
applications such as media players open "javascript:" Web addresses within the browser. It can be exploited to run malicious
script code in the content of any site. The same bug can be used to execute script code with escalated privileges in a media
player application.
Another flaw involves shared function objects, and could allow Web content scripts to execute malicious code with escalated
privileges, Netscape said. Independent security organizations such as French Security Incident Response Team (FrSIRT) and
Secunia have said these bugs are highly critical.
A third fix involves the way the browser sets images as the wallpaper on a PC. The "Set As Wallpaper" option doesn't properly
verify image URLs, so that a user can be tricked into setting a "javascript:" URL as the wallpaper, potentially resulting
in the execution of malicious code, according to an advisory from Secunia.
The update contains a fourth fix whose purpose hasn't been disclosed, according to FrSIRT. The update is available from Netscape's
Web site.
Netscape 8 first launched in May and had to be patched a day after launch because a number of security patches had been mistakenly
left out of the initial version. Netscape has also released a second round of security fixes and a patch for a bug that interfered
with XML rendering in Microsoft Internet Explorer.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
