Back to The Drawing Board For Netscape

Netscape was forced to publish a security update for its Netscape 8
browser only hours after its official launch.

The latest version, which boasts being more secure than Microsoft’s Internet Explorer with the functionality of Mozilla’s Firefox,
was shipped with serious security bugs, the company admitted Friday.

Officials blamed the snafu on a security vendor who passed along
inaccurate information.

“The reason for the update was that we had been misinformed by an
external security vendor we had retained prior to launching that the Firefox
1.0.3 security issues did not affect us,” Andrew Weinstein
a spokesperson America Online , the company that owns
Netscape, said. The Netscape browser is based on the open-source Firefox
browser, although it didn’t include any of the security patches released in
Firefox 1.0.4.

“Yesterday, after we received information that our vendor was not
accurate, we addressed those remaining issues and posted an updated version
of the browser within hours,” he said. “We will always take immediate
action to protect our users from security threats.”

AOL declined to release the name of the vendor, although Weinstein did
say, “They are a former security vendor at this point.”

Version 8 is the first major update to the browser since 2002 and
includes a number
of security features designed to protect users from remote attacks and malicious
Web sites.

Netscape 8’s development was outsourced to Canadian firm Mercurial
Communications when AOL laid off most of its development team in 2003.

Danish Security firm Secunia said it had found two of the bugs and
labeled them “extremely critical” on their Web site.

The most serious flaw could allow malicious attackers to gain complete
control over a victim’s PC, according to Secunia.

Firefox lead engineer Ben Goodger posted the exploits on his blog while
taking an opportunity to swipe at the browser rival.

“If security is important to you, this demonstration should show that
browsers that are redistributions of the official Mozilla releases are never
going to give you security updates as quickly as Mozilla will itself for its
supported products,” he wrote.

News Around the Web