More bugs found in Internet Explorer, Navigator

October 14, 1998
Web posted at: 11:10 AM EDT

by Scott Spanbauer


(IDG) -- This has not been a good month for browser security. Late last week independent researchers discovered gaping holes in both leading browsers' JavaScript modules that could grant determined Web hackers access to files and information on the browsing computer. Though they're unlikely to jeopardize your privacy or data, the flaws do pose that risk.

Only days after it posted Navigator version 4.07 to close a nasty JavaScript security hole (the Brumleve or Cache-Cow bug), Netscape Communications has acknowledged yet another gap in the browser's armor: The Injection Bug, also known as Son of Cache-Cow, uses a slightly different technique to perform the same sleight of hand -- downloading the list of Web sites and files you've browsed. To make matters worse, the new exploit also reveals the contents of cookies and file directories on your hard disk. Netscape is working on a patch to close the hole for good.

Meanwhile, Spanish security researcher Juan Carlos Cuartango has discovered an even more alarming bug in Microsoft's Internet Explorer 4.01 that allows malicious HTML coders to actually steal files from your hard disk. The only catch is that the Web hacker must know the file's path and file name in advance -- not a problem for key Windows configuration and other sensitive data files. Internet Explorer Product Manager Mike Nichols confirmed that Microsoft is working on a patch for this hole, but couldn't say when it would be posted on the company's Web site.

If you'd rather be safe (and somewhat inconvenienced) than sorry, both companies recommend that you disable your browser's ability to execute JavaScript until a patch is released.

© 2000 Cable News Network. All Rights Reserved.