A SECURITY FLAW in Netscape Communications' Navigator Web browser can let malicious Web site operators view the information stored in cookies on a user's computer, according to a security note published on Netscape's Web site.

   ADVERTISEMENT
  

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by Microsoft

RELATED LINKS
»  IE 7 bug reopens debate over patch responsibilities
»  Woman ordered to pay for file-sharing will appeal
»  McAfee to buy SafeBoot for $350M
»  Security RSS feed 

IDG ENTERPRISE NETWORK
Research Reports  (CIO)
Ask the Expert  (CIO)

TOP NEWS 


IT SOLUTION SEARCH
The vulnerability affects Navigator versions 6 through 6.2, as well as version 0.9.6 and earlier versions of the open-source version of Navigator, Mozilla, according to an analysis written by Marc Slemko, who discovered the bug. The bug, Slemko said in his analysis, can be exploited by causing users to visit a Web address inserted into HTML code on a Web page or in an HTML-formatted e-mail. If the user were to view the malicious Web site, cookies could be stolen off the user's computer, Slemko said.

Cookies are small data files used by many Web sites to track user visits, preferences and identity. If a cookie is readable, it can be used to impersonate the rightful owner of that cookie on a Web site.

Netscape urges all users of Navigator 6 through 6.2 to upgrade to version 6.2.1 which does not contain the flaw. Mozilla users should upgrade to version 0.9.7, which also contains the fix.

Users can upgrade the Netscape browser at http://home.netscape.com/computing/download/index.html or Mozilla at http://www.mozilla.org/.

Slemko's analysis of the vulnerability can be found at http://alive.znep.com/~marcs/security/mozillacookie/.