ad info

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
Computing

From...

More bugs found in Internet Explorer, Navigator

October 14, 1998
Web posted at: 11:10 AM EDT

by Scott Spanbauer

MORE COMPUTING INTELLIGENCE
  IDG.net home page
  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
 Reviews & in-depth info at IDG.net
    IDG.net's desktop PC page
  IDG.net's portable PC page
  IDG.net's Windows software page
  IDG.net's personal news page
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for computer geniuses(& newbies)
  Search IDG.net in 12 languages
 News Radio
  Fusion audio primers
  Computerworld Minute
   

(IDG) -- This has not been a good month for browser security. Late last week independent researchers discovered gaping holes in both leading browsers' JavaScript modules that could grant determined Web hackers access to files and information on the browsing computer. Though they're unlikely to jeopardize your privacy or data, the flaws do pose that risk.

Only days after it posted Navigator version 4.07 to close a nasty JavaScript security hole (the Brumleve or Cache-Cow bug) Netscape Communications has acknowledged yet another gap in the browser's armor: The Injection Bug, also known as Son of Cache-Cow, uses a slightly different technique to perform the same sleight-of-hand-downloading of the list of Web sites and files you've browsed. To make matters worse, the new exploit also reveals the contents of cookies and file directories on your hard disk. Netscape is working on a patch to close the hole for good.

Meanwhile, Spanish security researcher Juan Carlos Cuartango has discovered an even more alarming bug in Microsoft's Internet Explorer 4.01 that allows malicious HTML coders to actually steal files from your hard disk. The only catch is that the Web hacker must know the file's path and file name in advance -- not a problem for key Windows configuration and other sensitive data files. Internet Explorer Product Manager Mike Nichols confirmed that Microsoft is working on a patch for this hole, but couldn't say when it would be posted on the company's Web site.

If you'd rather be safe (and somewhat inconvenienced) than sorry, both companies recommend that you disable your browser's ability to execute JavaScript until a patch is released.

Related stories:
Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

SEARCH CNN.com
Enter keyword(s)   go    help

  
 

Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.