VNU Net: Security hole found in Netscape | Linux Today

VNU Net: Security hole found in Netscape

Written By
Web Webster
Web Webster
Apr 21, 2000

By John Geralds, VNU Net

A security hole that could expose private files has been
discovered in Netscape Communicator.

The problem allows hostile website operators to gather details
from visitors’ computers, including bookmarks and cache
information.

“We think this may be one of the most powerful Netscape
Communicator exploits ever,” said Bennett Haselton, a bug hunter
and head of PeaceFire, an organisation dedicated to fighting
content filtering on the web.

A Netscape spokeswoman said the company is testing two possible
fixes which will be added to the 4.7 release of the browser.

The vulnerability is caused by a combination of technologies
that allows an unfriendly website operator to avoid the browser’s
security features.

Users can use frames or windows to get at files in their
computers so windows opened from the local disk have weak security
features. Stronger cross frame security features should prevent web
authors from using JavaScript to transfer data from a window on a
user’s computer to a window belonging to the website operator.

However, Haselton showed that a website operator could introduce
JavaScript code through a cookie inserted onto the user’s hard
drive.

“Getting ‘read’ access to the user’s hard drive is the second
most powerful exploit you can possibly launch. If I run the exploit
on a specific person, I can determine what other sites they have
visited,” he said, adding that the ability to execute code on a
person’s computer is the most powerful.

He also noted that the problem only occurs if the user has their
profile name set on default, which applies to most users.

The Netscape spokeswoman cited the conditions necessary for an
exploit to occur and the fact that only links could be accessed.
The company also suggests users concerned about the vulnerability
to turn off JavaScript and to refuse to accept cookies or only
accept them from trusted sources.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.