RSSNewborn Netscape Has Defects
By David Worthington | Published May 20, 2005, 4:55 PM
Netscape has updated its Netscape 8 Web browser after it learned that exploits plugged by the latest release of Firefox remained un-patched, leaving users of the one-day-old browser susceptible to attack and the possibility of a malicious user gaining complete control over their PC.
According to America Online, Netscape's parent company, misinformation from a third party security vendor was to blame for Netscape's Firefox foible. The vendor had incorrectly stated that the browser was immune to flaws disclosed by the Mozilla Foundation in three security advisories issued last week.
"Yesterday, after we received information that our vendor's report was not accurate, we addressed those remaining issues and posted an updated version of the browser within hours. We will always take immediate action to protect our users from security threats," said an AOL spokesperson.
The flaws were addressed by Firefox 1.0.4 shortly after the advisories were issued.
Lead Firefox engineer Ben Goodger criticized the slip up, stating, "If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products," in his personal Web blog.
Goodger encourages Internet users to use Firefox in lieu of Netscape, deeming it a more secure Web browser. To prove his point, Goodger published exploit code demonstrating Netscape's vulnerabilities.
Netscape is working on an update mechanism to push out version 8.01 of the browser, which protects users from the flaws, to its installed base of early adopters. In the interim, users may download the updated build directly from Netscape.
Ironically, the hallmark of the release was security. The browser toggles between the Internet Explorer and Firefox rendering engines automatically in response to compatibility and security needs and is fortified with new anti-phishing technologies including a trust rating system for Web sites.
Netscape 8.0 was released on Thursday. The updated 8.01 Netscape Browser is available at FireForum.
I'm sure you didn't mean it, but your title is pretty offensive. Newborn? Defects?
Score: 0
Leave it to AOL to completely destroy a once-great product.
This was not surprising at all, however, and it just goes to show that AOL jumped the gun on the release before dotting their i's and crossing their t's.
However, despite AOL's incompetence, it must be pointed out that Goodger's actions of posting exploit code is extremely irresponsible! Criticizing AOL's actions is fine, and he has a right to encourage FF use over Netscape, but this is a blatantly malicious action that makes me question his sincerity and commitment to security.
Score: 0
Are you kidding?? There is nothing wrong with calling someone out on their products and saying "Hey, great product their that is based off of my product, but there is problem in this area that you might want to check out." And if it takes someone to walk them through it and physically show them then thats all good.
So good job, Goodger. You offered your source code to the public, they took it and ran with an idea and all you did was inform your customers of a flaw even if it means showing them.
_________________________________________________
AOL SUCKS!!
Score: 0
I didn't say he was at fault for calling them on their mistake... I said he was at fault for how he called them on it... he actually released exploit code.
Score: 0
A bit offtopic but Mozilla had jumped the gun themselves with Firefox 1.0. Firefox was/is deffinitly not ready to be claimed as anything close to a final product but it was a VERY smart marketing decision. After the big stir of anti IE sentiment Mozilla could not have picked a better time to annonce version 1.0. The big "IE Sucks" craze has now faded out alot and if Mozilla had waited they would proly not have the decent market share they managed to gain in such a short time.
Score: 0
reason being is aol owns/ed it
Score: 0
It made me chuckle. Good job.
Score: 0
It was Firefox 1.03...what did anyone expect? So now it's up to date with 1.04...question is, will NS have to update after each FF update, or are they branching off completely now?
Score: 0
good point
Score: 0