'Secure' Netscape released with vulnerabilities

'Secure' Netscape released with vulnerabilities

Summary: Netscape has released the newest version of its browser with serious known vulnerabilities, claim developers of the code which forms the basis of the product.Netscape 8 is based on version 1.

SHARE:
TOPICS: Browser
6
Netscape has released the newest version of its browser with serious known vulnerabilities, claim developers of the code which forms the basis of the product.

Netscape 8 is based on version 1.0.3 of the open source Mozilla Firefox browser, with features such as a new interface and ability to use the Internet Explorer rendering engine added. The AOL-owned Netscape unit has emphasised the security features of the new version as a key reason for users to adopt it.

However, the Mozilla Foundation updated the Firefox browser to 1.0.4 several weeks ago, citing the publication of exploit code for two vulnerabilities rated "extremely critical" by security monitoring company Secunia.

When combined, the two flaws could allows malicious attacks to engage in cross-site scripting and remote system access.

Several key Mozilla developers have criticised Netscape over the apparent blunder.

Firefox lead engineer Ben Goodger has posted on his blog a live exploit of the flaws to illustrate to Netscape 8 users how vulnerable their browser is. The exploit will display the user's personalise cookie file installed by Google.

Goodger said: "If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products."

Gervase Markham, a key developer of Mozilla's bug tracking system Bugzilla, also came down hard on Netscape 8 in his blog.

Markham took particular issue with a pop-up window which greets users accessing Netscape's home page with browsers other than Netscape 8.

"ALERT: Your Current Browser Is Outdated", the window claims. "Netscape Browser 8.0 providers more security choices than any other browser.

This claim, said Markham, was particularly amusing to him since he was using a very recent release of Firefox which had fixed the vulnerabilities found in version 1.0.3 and Netscape 8.

Another contributor to Firefox, Ali Ebrahim, attacks Netscape's 'more security choices' claim.

"Even if this is true, it does not make Netscape any more secure," he said. "It simply means that users are presented with more ways in which they can make their Web browsing more insecure. Chief amongst these is the ability to use [IE] as the rendering engine."

IE has repeatedly been lampooned for its poor security record. The latest set of highly critical flaws in the browser were found in early April of this year.

A spokesperson from Netscape was not available for comment at time of publication.

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Somewhat of a mixed message:
    <quote>Goodger said: "If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products."</quote>

    ...so:
    "hey look, we're open source, everyone can share, contribute and create your own flavours"
    ...but:
    "don't expect to be as good as our version because you'll always be behind the 8 ball and we'll let everyone know about it"

    Microsoft probably have a patent on that kind of business tactic, watch yourselves boys...
    anonymous
  • I'll stay with the Opera 8 browser!
    anonymous
  • micro$oft..nutscrape..furryfox..
    naaaa. Think that I'll just hang on to me Opera thankyou very much...
    anonymous
  • The toolbars are pretty buggy too. Flexible spaces are impossible to get rid of without reseting the toolbars and heaven forbid if you want the navigation bar below the personal toolbar.

    I doesn't seem to support international addresses when it comes to personalizing either.
    anonymous
  • What marvelous advertising for a product. At least for most vendors the bugs take a few days to appear, not before it is actually out the door. Install me and become vulnerable, is this Mozilla stuff really worth having, Opera here I come!!! I thought many eyes made bugs shallow. Obviously not in all cases
    anonymous
  • over 41 patches needed in just hours after release?
    I'll stick to my Opera...
    anonymous