[plug] Netscape insecurity

Bret Busby bret at clearsol.iinet.net.au
Fri Aug 27 12:03:14 WST 1999


Yesterday I bought the September 1999 issue of PCWorld.

It comes with a CD with Netscape 4.61 for both Windows and Linux.

On page 152 of the printed magazine, in reference to Netscape 4.61, it says,

"Within days of the update's release, Bulgarian browser-security sleuth George
Guninski found three flaws. These holes allow HTML authors to access your
Navigator bookmarks, cache, and configuration files; browse your hard disk; and
read local files on your system. For more details about these security gaps,
walk over to some other unsuspecting fool's computer and check out Guninski's
Web site at www.nat.bg/~joro."

I went to the web site, and, while it listed versions of Netscape with problems,
and had a link for demonstrations, for Netscape 4.07 (I think), it qualified it
by indicating that it applied to the Windows versions.

However, for the later versions, it did not appear to restrict the problems to
the Windows versions.

I did not go for a demonstration, in case it attacked my system.

Given that Linux, as a version of UNIX, has password security to an extent that
Windows does not, (even if not using the firewalling software that is part of
Linux), do these security risks apply to the Netscape for Linux? And, therefore,
is the password security of Linux defeated by using Netscape 4.61?

I am concerned that, if we install Netscape 4.61 and those security risks
exist, it will provide a risk that we would not otherwise have.

Bret Busby
.......................

PS: the magazine has an interesting article about the CALU, on the opposite
page; page 153.
"One thing that has been made clear from this conference is that Australia is at
the forefront of Linux development, and by all accounts, should remain there for
a long time"

