Netscape Users Lose Fig Leaf

  • Share
  • Read Later
The message seemed innocuous enough. "Hello. I've discovered another javascript security hole," read Friday's Usenet post from "Mr. Nothing" (aka Dan Brumleve). By Monday, it had mutated into a full-blown security crisis for Netscape and everyone who owns its browsers. As Brumleve demonstrates on his web page, it is possible to download a short, 30-line javascript program that will snatch information from a Netscape user's hard drive. Specifically, the flaw allows web sites to scan your cache without setting a cookie -- in other words, make off with a list of all those places, naughty and nice, where you've been surfing.

Although Netscape admits the problem has "security implications" and promises to look into the matter, there was no warning to be found on its home page as of Monday morning. Since the bug affects every version of Navigator and Communicator, but is not found on any Microsoft browser, Brumleve's discovery could be a serious blow for the already-embattled Netscape in the browser wars. Privacy-minded Netscape fans might consider switching to the dark side, at least for the time being.