Netscape Critical Flaws Fixed with This Week’s Netscape Release

The Internet Patrol - Patrolling the Internet for You
Follow Anne

Netscape has this week released Netscape version, which fixes four security holes which Netscape calls “critical”. Two of these critical security flaws have already been documented, while two others have not, but are nonetheless addressed with

The two security flaws which have been documented are a code execution through shared function objects issue, in which “improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object,” and a problem where “standalone applications can run arbitrary code through the browser” whereby when a media playser such as Flash or Quicktime opens a URL in the Netscape browser, “if the external URL was a javascript: url it would run as if it came from the site that served the previous content, which could be used to steal sensitive information such as login cookies or passwords. If the media player content first caused a privileged chrome: url to load then the subsequent javascript: url could execute arbitrary code.”

The new release also fixes “remaining history syncing issues between rendering engines” and other bugs and crash issues, says Netscape.

The release notes and download for Netscape version can be found here.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.