Security flaw found and fixed, says Netscape

A serious security flaw in several generations of Netscape Web browsers has been pinpointed and fixed by team of Netscape engineers, according to the company. The hole has existed since the launch of Netscape Navigator 2.0 - but came to light only after a Danish Internet consultant threated to expose Netscape to the press if the company did not pay him money.

A serious security flaw in several generations of Netscape Web browsers has been pinpointed and fixed by team of Netscape engineers, according to the company.

Last week a Danish Internet consultant found a bug in Netscape's Communicator software and demanded compensation for the information, threatening the company with public exposure, Netscape officials say. Netscape engineers have found the flaw in Netscape 2.0 and 3.0 as well as its recently launched 4.0 World Wide Web browser software and have fixed the flaw.

"Apparently this flaw has been in our software for nearly two years," says Andrea Cook, spokeswoman for Netscape. "However we have never had any reports regarding it, because you have to have a very specialised knowledge of the computer you are attacking to gain access."

A bug fix for Windows NT and Windows 95 will be posted onto the Netscape home page at (http://www.netscape.com/) by today, while fixes for 2.0 and 3.0 will follow later in the week, according to Cook.

Christian Orellana, of Cabocomm, a Danish Internet consultancy, found the bug and demanded cash in connection with a security flaw in Netscape's Communicator World Wide Web browser software.

"As far as we can tell the hacker would need a file name and file path to access files on a hard disk," says Jennifer O'Mahony, a spokeswoman for Netscape.

O'Mahony says Netscape has been in discussions with the consultant since Monday. "We offered him the usual compensation (up to US$1000) for such information but it became clear from his attitude that he wanted to speak to whoever held the chequebook at Netscape."

While Orellana never actually named a sum, according to O'Mahony, he said he threatened to bring the matter to the attention of the press this week during the company's developers conference which is being held in San Jose, California.

"We did not entertain him so on Wednesday; he went to CNN," says O'Mahony. "CNN and PC magazine carried out tests and with that information and the information we have already, we think our engineers will resolve the matter soon."

Neither Orellana nor Cabocomm officials could be immediately reached for comment.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]