VNU Net: Security hole found in NetscapeApr 21, 2000, 08:28 (1 Talkback[s])
(Other stories by John Geralds)
By John Geralds, VNU Net
A security hole that could expose private files has been discovered in Netscape Communicator.
The problem allows hostile website operators to gather details from visitors' computers, including bookmarks and cache information.
"We think this may be one of the most powerful Netscape Communicator exploits ever," said Bennett Haselton, a bug hunter and head of PeaceFire, an organisation dedicated to fighting content filtering on the web.
A Netscape spokeswoman said the company is testing two possible fixes which will be added to the 4.7 release of the browser.
The vulnerability is caused by a combination of technologies that allows an unfriendly website operator to avoid the browser's security features.
"Getting 'read' access to the user's hard drive is the second most powerful exploit you can possibly launch. If I run the exploit on a specific person, I can determine what other sites they have visited," he said, adding that the ability to execute code on a person's computer is the most powerful.
He also noted that the problem only occurs if the user has their profile name set on default, which applies to most users.