More bugs for Microsoft and Netscape

Have you patched your browser lately? Microsoft and Netscape have confirmed security holes in their browsers in recent weeks, reminding users to make sure they have plugged the latest leaks. Netscape this week posted a fix to stop rogue Web site operators from intercepting data - including passwords, credit card numbers and other sensitive information - entered by end users. And Microsoft found a bug in a beta version of Internet Explorer 4.0 that lets malicious Web site operators overwrite or corrupt files on a surfer's hard drive.

Have you patched your browser lately?

Microsoft and Netscape have confirmed security holes in their browsers in recent weeks, reminding users to make sure they have plugged the latest leaks.

Netscape this week posted a fix to stop rogue Web site operators from intercepting data - including passwords, credit card numbers and other sensitive information - entered by end users.

And Microsoft found a bug in a beta version of Internet Explorer 4.0 that lets malicious Web site operators overwrite or corrupt files on a surfer's hard drive. Microsoft officials, however, say they doubt the problem will delay shipping the final version of the browser, slated for the end of this month.

But both companies claim no one actually has been victimised by the security holes. And Netscape denied the bugs are a sign of rampant security problems in browsers.

"We've been getting a lot of questions about someone finding yet another bug in Navigator," says Netscape spokesman Christopher Hoover. "But it's not the quantity of bugs. It's the quantity of people using the software that keeps going up. There are now 65 million people using Navigator, and a lot of them are looking for bugs."

Microsoft says the latest bug is rooted in a beta version of DirectX, a set of multimedia APIs for game designers and other interactive software writers. DirectX allows programmers to access specialised hardware features without having to write hardware-specific code.

The DirectX breach could affect users running Preview 2 of Internet Explorer 4.0 for Windows 95 and NT or the beta version of the Java Software Development Kit 2.0. Both include the DirectX beta implementation.

Microsoft officials say they do not know of anyone who has exploited the bug, but recommend users disable Java when using the products, just in case. Detailed information on the workaround is available at the Microsoft Web site.

Meanwhile, Netscape has posted a patch to an unrelated bug on its Web site. Using the Netscape bug, rogue Web operators could write a JavaScript program to open a second browser window and then read any information typed in the new window - including passwords, credit card numbers and other sensitive information.

The bug affects users running Netscape Communicator and Navigator 4.02. Netscape officials say they have confirmed the bug only in the Windows 32-bit platform, but have posted a fix for all platforms.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]