May 20, 2005 11:00 AM PDT
Netscape patches 1-day-old browser
The original Netscape 8, released early Thursday, is based on version 1.0.3 of the open-source Firefox browser. Netscape thought the new browser was immune to security vulnerabilities in the Firefox software that were fixed last week in Firefox 1.0.4. It turns out Netscape 8 is vulnerable.
"We had been misinformed by an external security vendor that the Firefox security issues did not affect us," Netscape spokesman Andrew Weinstein said Friday. "Within hours of discovering that the vendor was not accurate, we had addressed those issues and posted an updated version of the browser."
Late on Thursday, the software maker posted Netscape version 8.0.1, which includes fixes for the problems. It plans to push an update out to people who installed the original Netscape 8. However, the company is still working on its update mechanism, so in the meantime people have to go to the Netscape.com Web site to get the patched browser, Weinstein said.
The update is designed to address flaws that were detailed in three security advisories released last week by the Mozilla Foundation, the developer of the Firefox browser. The most serious issues could allow malicious attackers to gain complete control over a victim's PC, according to the advisories.
Netscape, a division of Time Warner's America Online subsidiary, is facing heat over the security goof-up from Mozilla developers. Ben Goodger, lead engineer for Firefox, on Thursday posted an exploit on his blog to demonstrate that Netscape 8 is vulnerable. At the same time, he pitched Firefox as a more secure Web browser.
"If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products," Goodger wrote.
Netscape 8 includes features to protect users against online scams such as phishing and spyware. The updated browser automatically adjusts security settings while people surf, based on lists of sites that are known to be malicious and of trusted sites.
10 commentsJoin the conversation! Add your comment