'Secure' Netscape released with vulnerabilities

Netscape has released the newest version of its browser with serious known vulnerabilities, claim developers of the code which forms the basis of the product.Netscape 8 is based on version 1.

Netscape has released the newest version of its browser with serious known vulnerabilities, claim developers of the code which forms the basis of the product.

Netscape 8 is based on version 1.0.3 of the open source Mozilla Firefox browser, with features such as a new interface and ability to use the Internet Explorer rendering engine added. The AOL-owned Netscape unit has emphasised the security features of the new version as a key reason for users to adopt it.

However, the Mozilla Foundation updated the Firefox browser to 1.0.4 several weeks ago, citing the publication of exploit code for two vulnerabilities rated "extremely critical" by security monitoring company Secunia.

When combined, the two flaws could allows malicious attacks to engage in cross-site scripting and remote system access.

Several key Mozilla developers have criticised Netscape over the apparent blunder.

Firefox lead engineer Ben Goodger has posted on his blog a live exploit of the flaws to illustrate to Netscape 8 users how vulnerable their browser is. The exploit will display the user's personalise cookie file installed by Google.

Goodger said: "If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products."

Gervase Markham, a key developer of Mozilla's bug tracking system Bugzilla, also came down hard on Netscape 8 in his blog.

Markham took particular issue with a pop-up window which greets users accessing Netscape's home page with browsers other than Netscape 8.

"ALERT: Your Current Browser Is Outdated", the window claims. "Netscape Browser 8.0 providers more security choices than any other browser.

This claim, said Markham, was particularly amusing to him since he was using a very recent release of Firefox which had fixed the vulnerabilities found in version 1.0.3 and Netscape 8.

Another contributor to Firefox, Ali Ebrahim, attacks Netscape's 'more security choices' claim.

"Even if this is true, it does not make Netscape any more secure," he said. "It simply means that users are presented with more ways in which they can make their Web browsing more insecure. Chief amongst these is the ability to use [IE] as the rendering engine."

IE has repeatedly been lampooned for its poor security record. The latest set of highly critical flaws in the browser were found in early April of this year.

A spokesperson from Netscape was not available for comment at time of publication.