Netscape has released a series of fixes for serious security flaws in its browser and, incredibly, listed a further 10 that it has yet to patch.
The Netscape 8.0.3.1 update repairs the most serious security flaws in Firefox, on which Netscape is based, the company said. But it also stated that the current version of Netscape 8 also contains 10 other flaws that will be fixed in the coming weeks.
The company said it wanted to fix the most serious flaws first. Of those more serious holes, one involves the way external applications such as media players open "javascript:" Web addresses within the browser. It can be exploited to run malicious script code in the content of any site. The same bug can be used to execute script code with escalated privileges in a media player application.
Another flaw involves shared function objects, and could allow Web content scripts to execute malicious code with escalated privileges, Netscape said. Independent security organizations such as French Security Incident Response Team (FrSIRT) and Secunia have said these bugs are highly critical.
A third fix involves the way the browser sets images as the wallpaper on a PC. The "Set As Wallpaper" option doesn't properly verify image URLs, so that a user can be tricked into setting a "javascript:" URL as the wallpaper, potentially resulting in the execution of malicious code, according to an advisory from Secunia.
The update contains a fourth fix whose purpose hasn't been disclosed, according to FrSIRT. The update is available from Netscape's Web site.
Netscape 8 first launched in May and had to be patched a day after launch because a number of security patches had been mistakenly left out of the initial version. Netscape has also released a second round of security fixes and a patch for a bug that interfered with XML rendering in Microsoft Internet Explorer.

Sign up to receive Applications Resource Alerts
Like any valuable resource, IT is a terrible thing to waste. But by applying the same lean techniques that have been used to streamline manufacturing processes, IT departments can reduce costs, improve performance and better manage resources.
Download now! »Stephen Elliot, vice president of strategy for CA's Infrastructure Management and Data Center Automation business unit, explains why difficult economic times drive the need for simplified management capabilities and advanced automation tools.
Listen now! »According to a recent study CA conducted with 300 CIOs and top IT executives, 64 percent of respondents say they've already invested in virtualization, and the other 36 percent reported that they plan to invest in virtualization.
Download now! »In this video learn about process automation in a virtualized world. How CA and VMware are enabling enterprise datacenter automation.
View now! »