Netscape has this week released Netscape version 8.0.3.1, which fixes four security holes which Netscape calls “critical”. Two of these critical security flaws have already been documented, while two others have not, but are nonetheless addressed with 8.0.3.1.
The two security flaws which have been documented are a code execution through shared function objects issue, in which “improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object,” and a problem where “standalone applications can run arbitrary code through the browser” whereby when a media playser such as Flash or Quicktime opens a URL in the Netscape browser, “if the external URL was a javascript: url it would run as if it came from the site that served the previous content, which could be used to steal sensitive information such as login cookies or passwords. If the media player content first caused a privileged chrome: url to load then the subsequent javascript: url could execute arbitrary code.”
The new release also fixes “remaining history syncing issues between rendering engines” and other bugs and crash issues, says Netscape.
The release notes and download for Netscape version 8.0.3.1 can be found here.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.