Netscape has released a series of fixes for serious security flaws in its browser and, incredibly, listed a further 10 that it has yet to patch.
The Netscape 8.0.3.1 update repairs the most serious security flaws in Firefox, on which Netscape is based, the company said. But it also stated that the current version of Netscape 8 also contains 10 other flaws that will be fixed in the coming weeks.
The company said it wanted to fix the most serious flaws first. Of those more serious holes, one involves the way external applications such as media players open "javascript:" Web addresses within the browser. It can be exploited to run malicious script code in the content of any site. The same bug can be used to execute script code with escalated privileges in a media player application.
Another flaw involves shared function objects, and could allow Web content scripts to execute malicious code with escalated privileges, Netscape said. Independent security organizations such as French Security Incident Response Team (FrSIRT) and Secunia have said these bugs are highly critical.
A third fix involves the way the browser sets images as the wallpaper on a PC. The "Set As Wallpaper" option doesn't properly verify image URLs, so that a user can be tricked into setting a "javascript:" URL as the wallpaper, potentially resulting in the execution of malicious code, according to an advisory from Secunia.
The update contains a fourth fix whose purpose hasn't been disclosed, according to FrSIRT. The update is available from Netscape's Web site.
Netscape 8 first launched in May and had to be patched a day after launch because a number of security patches had been mistakenly left out of the initial version. Netscape has also released a second round of security fixes and a patch for a bug that interfered with XML rendering in Microsoft Internet Explorer.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Applications Resource Alerts
Like any valuable resource, IT is a terrible thing to waste. But by applying the same lean techniques that have been used to streamline manufacturing processes, IT departments can reduce costs, improve performance and better manage resources.
Download now! »
Stephen Elliot, vice president of strategy for CA's Infrastructure Management and Data Center Automation business unit, explains why difficult economic times drive the need for simplified management capabilities and advanced automation tools.
Listen now! »
According to a recent study CA conducted with 300 CIOs and top IT executives, 64 percent of respondents say they've already invested in virtualization, and the other 36 percent reported that they plan to invest in virtualization.
Download now! »
In this video learn about process automation in a virtualized world. How CA and VMware are enabling enterprise datacenter automation.
View now! »
Recommend This
