Users login

Create an account »


Users login

Home » Hacking News » Netscape releases 4 patches, 10 holes not fixed yet

Netscape releases 4 patches, 10 holes not fixed yet

by Nikola Strahija on July 26th, 2005 Netscape has released a number of fixes for serious security flaws in its browser and listed a further 10 that it has yet to patch.

The Netscape update repairs the most serious security flaws, but it also stated that the current version of Netscape 8 contains 10 other flaws that will be fixed in the coming weeks.

The company said it wanted to fix the most serious flaws first. Of those more serious holes, one involves the way external applications such as media players open javascript Web addresses within the browser. It can be exploited to run malicious script code in the content of any site. The same bug can be used to execute script code with escalated privileges in a media player application.

Another flaw involves shared function objects, and could allow Web content scripts to execute malicious code with escalated privileges, Netscape said. Independent security organisations such as French Security Incident Response Team and Secunia have said these bugs are highly critical.

A third fix involves the way the browser sets images as the wallpaper on a PC. The "Set As Wallpaper" option doesn't properly verify image URLs, so that a user can be tricked into setting a "javascript:" URL as the wallpaper, potentially resulting in the execution of malicious code, according to an advisory from Secunia.

The update contains a fourth fix whose purpose hasn't been disclosed, it is available for download from Netscape's website.

Netscape 8 first launched in May and had to be patched a day after launch because a number of security patches had been mistakenly left out of the initial version. Netscape has also released a second round of security fixes and a patch for a bug that interfered with XML rendering in Microsoft Internet Explorer.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »