Netscape fixes holes in 'security' browser

The update -- which takes Netscape to version 8.0.1 -- was released amid criticism from developers that the initial release of the browser was susceptible to two critical vulnerabilities. The problems were unearthed in version 1.0.3 of the code used to create the Mozilla Foundation's Firefox open source browser and on which the new Netscape version is based. Firefox itself was updated in mid-May to version 1.0.4 to fix the vulnerabilities.

Netscape 8 builds on Firefox by adding features aimed at stopping online scammers and giving users the ability to use Internet Explorer (IE's)'s HTML rendering engine.

The update notification on Netscape's Web site notes version 8.0.1 of Netscape "includes all Firefox security patches up to 1.0.4", and initially listed 44 security advisories. However the company later clarified this to say 41 of those advisories had been addressed in the initial 8.0 release of the browser.

Netscape's general manager Jeremy Liew said upon the browser's release that its key selling point was its security features.

"Security is the sizzle that will get people to use this new browser," Liew said. "I think the Web has become a more dangerous place. The threats of phishing and spyware have become more and more real."

A Netscape spokesperson was not available for comment at the time of print.

• Related stories

• Alerts

Add your opinion

Now if only Microsoft released ...Anonymous -- 20/05/05

Now if only Microsoft released security fixes within 24 hours.

• Reply to comment
• Reply to story
• Report offensive content

Yes but would Microsoft releas ...Anonymous -- 20/05/05

Yes but would Microsoft release a product today with 44 holes that need fixing before it has even hit the street?

I think not their internal and external test processes show their professional software development capablity from where they were previously (Yes years ago this might have been true, but not now). Pity more developers aren't following the same rigid controls. Please read "Writing Secure Code" for some good basics

• Reply to comment
• Reply to story
• Report offensive content

"Yes but would Microsoft ...Anonymous -- 20/05/05

"Yes but would Microsoft release a product today with 44 holes that need fixing before it has even hit the street?"

Yes. And then it would patch some of them in the following months, but would never patch them all.

• Reply to comment
• Reply to story
• Report offensive content

Until everyone can write their ...Anonymous -- 20/05/05

Until everyone can write their own OS and software (which will never happen) there will always be security issues, probably the best defence is to issue browsers which allow you the option of switching off the browser identifying itself.

• Reply to comment
• Reply to story
• Report offensive content

44 bugs as yet undiscovered ma ...Anonymous -- 20/05/05

44 bugs as yet undiscovered maybe, but not known bugs. Be sensible here they should have pulled the product, waited until it was patched and tested (internal and external labs), maybe some code reviews, the many eyes of open source had a look and then released it

• Reply to comment
• Reply to story
• Report offensive content

John, You are such a genius. ...Anonymous -- 21/05/05

John,
You are such a genius. I think you should be (are?) working as a consultant. Really, I am sure they did all the tests they could come up with and then released. Upon release someone in the community probably mentioned that FF had made all these changes in 1.0.4 and they were based on 1.0.3...
So they knocked out some changes, quick. Unlike micosnot.

• Reply to comment
• Reply to story
• Report offensive content

Weren't just three holes fixed ...Anonymous -- 21/05/05

Weren't just three holes fixed ? Many of the 44, vulnerabilities reported appear to be fixes found in version 8 not present in prior versions. Either their web site is unclear or its this article.

I think Netscape deserves credit for:

Addressing security with safer defaults

Providing a reasonable balance of functionality (including active x) for trusted sites only (by default) and security in an easy to use fashion.

Fixing their error promptly. Lets face it the vulnerabilities should have been fixed before release, however, the browser updates automatically be default fixing the problem before almost anyone was exposed WHILE still providing default controls to help with systemic security problems possed by spyware and malicious scripts.

I am a big Firefox fan, however, Netscape has taken Firefox further. Criticism from Firefox regarding slowness of updates may be a little harsh. I listened to complaints for days about their being no fix for the Firefox 1.03 vulns. What about exposure during that time ? The sad truth is that active X is necessary on some sites but not needed on others and people with out a browser that helps balance these needs will use a combination of IE and Firefox .. not firefox exclusively . Some protection is better than IE alone at the moment.

We will need to wait and see if Netscape has any vulns of its own (rather than just Firefox rehashes) but, for the moment, good work Netscape for incorporating some security controls that many in the security community have been clamoring for sometime.

• Reply to comment
• Reply to story
• Report offensive content

Now If only Netscape didn't in ...Anonymous -- 21/05/05

Now If only Netscape didn't include a mail program, but was like the FireFox Plug-in that allows most Webmail to be used instead, that would be great. Why? Because for some reason the Netscape site won't allow me to set-up a free account to only forward to my 2-gig Webmail addresses. Maybe it's some of the software that comes with V-Com SystemSuite 5? I allowed Netscape through the GhostSurf or at least I tried to, so I don't know what to try next. Come to think of it I had a friend who wanted to check his AOL Webmail, but I couldn't get through to it. He had to use the PC that still had Norton's SystemWorks 2003 on it instead, since my Linux PC didn't work with AOL either. Can we all shout why can't software work together more easily?

• Reply to comment
• Reply to story
• Report offensive content

"Upon release someone in ...Anonymous -- 21/05/05

"Upon release someone in the community probably mentioned that FF had made all these changes in 1.0.4 and they were based on 1.0.3... "

Sorry mate but this doesn't make it better it is worse. It shows no change control, proper testing an release procedures, basically a poor development environment. There is more to software development than just churning out code

• Reply to comment
• Reply to story
• Report offensive content

opinion Anonymous -- 28/05/09

The browser is going to be the OS of Web 2.0 and beyond. How can Google let someone else have control of the market without making any effort to enter it. But this is definitely a project which has been very successful in keeping itself secret. Everybody knew about Gphone http://www.frogmix.com/search/Gphone before Andriod was released . But chrome was nowhere to be heard of before Philipp Lensenn received the comic book.

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials