RealTime IT News

Back to The Drawing Board For Netscape

Netscape was forced to publish a security update for its Netscape 8 browser only hours after its official launch.

The latest version, which boasts being more secure than Microsoft's Internet Explorer with the functionality of Mozilla's Firefox, was shipped with serious security bugs, the company admitted Friday.

Officials blamed the snafu on a security vendor who passed along inaccurate information.

"The reason for the update was that we had been misinformed by an external security vendor we had retained prior to launching that the Firefox 1.0.3 security issues did not affect us," Andrew Weinstein a spokesperson America Online , the company that owns Netscape, said. The Netscape browser is based on the open-source Firefox browser, although it didn't include any of the security patches released in Firefox 1.0.4.

"Yesterday, after we received information that our vendor was not accurate, we addressed those remaining issues and posted an updated version of the browser within hours," he said. "We will always take immediate action to protect our users from security threats."

AOL declined to release the name of the vendor, although Weinstein did say, "They are a former security vendor at this point."

Version 8 is the first major update to the browser since 2002 and includes a number of security features designed to protect users from remote attacks and malicious Web sites.

Netscape 8's development was outsourced to Canadian firm Mercurial Communications when AOL laid off most of its development team in 2003.

Danish Security firm Secunia said it had found two of the bugs and labeled them "extremely critical" on their Web site.

The most serious flaw could allow malicious attackers to gain complete control over a victim's PC, according to Secunia.

Firefox lead engineer Ben Goodger posted the exploits on his blog while taking an opportunity to swipe at the browser rival.

"If security is important to you, this demonstration should show that browsers that are redistributions of the official Mozilla releases are never going to give you security updates as quickly as Mozilla will itself for its supported products," he wrote.