Netscape, Microsoft Work To Repair Bugs

The makers of both the major Web browsers were working Tuesday to repair bugs that could compromise a Web user’s private information and Internet usage patterns.

The first was discovered in Netscape’s Communicator Browser and new Netscape owner America Online said it was working on a fix.

That problem allows unscrupulous Web site operators to use Netscape’s JavaScript console to see what sites a person has visited. The console was added to Netscape’s browsers last summer. It’s purpose is to display all JavaScript error messages in a separate window. Before it was introduced, each error was put on individual messages. Pages causing several errors could lead a user’s computer screen to be filled up with such messages.

The bug was discovered by Bulgarian Georgi Guninski, who has run across several flaws before.

AOL said the problem would be fixed in the next release of the browser.

Meanwhile, Microsoft Corp. said two potential flaws in Internet Explorer 5.0 could allow Web operators access to private information.

That problem is related to a flaw that has shown up in IE several times. In the latest case, the flaw allows Web operators to view users’ clipboards.

Guninski told the latest bug allows Web site operators to steal a file if they know its name. He said the bug is in IE 5.0’s DHTML edit control.

The second potential problem, which Microsoft is characterizing as only a “hypothetical risk” and not a bug, has to do with IE 5.0’s support for script copy and paste functions built into Web sites. If a Web site operator took advantage of the potential problem, he could view the contents of a user’s clipboard.

A demonstration of the bug can be found here.

Microsoft said anyone concerned about the bug should disable the scripting feature.

News Around the Web