This month's browser bugs
Tip Each month seems to bring a new browser security hole. A Singapore researcher found that Netscape Communicator's LiveConnect feature, which allows JavaScript code and Java applets to communicate with each other, opens a security breach similar to the problem described in last month's Help Screen. The Singapore or Tracker bug doesn't affect earlier versions of Netscape Navigator or any version of Microsoft Internet Explorer. A similar breach, called the Santa Barbara bug, also allows hackers to observe URLs and other data you type into Navigator. Netscape has duly released Communicator 4.03 (home.netscape.com/download/client_download.html), which fixes both bugs. Meanwhile, Microsoft announced on August 12 that all of its Internet Explorer 3.0 and 4.0 browser versions for Windows 3.x, 95, and NT 3.51 and 4.0 are susceptible to attacks from Java hackers. Specifically, cleverly written Web sites could download images from -- or run Java applets located on -- other servers that you have access to. The hole also allows a Java applet to load Java code located on other systems on your intranet. Is this a problem that jeopardises any data in the real world? The mind boggles. In any case, Microsoft has issued updates to IE 3.0 and 4.0 that close the hole. See http://www.microsoft.com/ie/security/javamischief.htm for the latest details and patches. - Scott Spanbauer [ | Category: Bugs and fixes, Internet Issue: Jan 1998 Pages: 176 |
These Web pages are produced by Australian PC World © 1997 IDG Communications