Netscape Critical Flaws Fixed with This Week’s Netscape 8.0.3.1 Release 7/26/2005 - 687 views,
|
Previous Article « Proof of Windows Legitimacy Becomes Mandatory with Release of Windows Genuine Advantage (WGA) 1.0
Read Next Article » 9 Out of 10 Teens Now Online, Eschew Email, Embrace Instant Messenger
Netscape has this week released Netscape version 8.0.3.1, which fixes four security holes which Netscape calls “critical”. Two of these critical security flaws have already been documented, while two others have not, but are nonetheless addressed with 8.0.3.1. The two security flaws which have been documented are a code execution through shared function objects issue, in which “improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object,” and a problem where “standalone applications can run arbitrary code through the browser” whereby when a media playser such as Flash or Quicktime opens a URL in the Netscape browser, “if the external URL was a javascript: url it would run as if it came from the site that served the previous content, which could be used to steal sensitive information such as login cookies or passwords. If the media player content first caused a privileged chrome: url to load then the subsequent javascript: url could execute arbitrary code.” The new release also fixes “remaining history syncing issues between rendering engines” and other bugs and crash issues, says Netscape. The release notes and download for Netscape version 8.0.3.1 can be found here.
|
|
Email the link for this page to a friend! |
Read more:
» Severe Security Flaw in Netscape
» Move Over Internet Explorer - Make Way for New Netscape with Anti-Phishing Features
» Microsoft to Internet Explorer Users: “Hey You! Uninstall Netscape 8!”
» Microsoft Windows Security Updates for October - 3 Critical!
For additional similar stories check out our archives on Security, Windows
