ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Microsoft, Netscape battle over browser hole

Federal Computer Week

May 10, 2000
Web posted at: 10:03 a.m. EDT (1403 GMT)

(IDG) -- Microsoft Corp. and Netscape Communications Corp. are at odds over who is to blame for a browser-related security hole that could make Web sites vulnerable to attack from hackers.

Netscapeās Communicator browser includes JavaScript, a scripting language that enables Web authors to create interactive Web sites. It is supported by script from Microsoftās rival browser, Internet Explorer (IE). However, some IE scripts that are meant to be accessed only by the user are exposed to attack in the Communicator browser, a Microsoft official and an independent analyst confirmed Friday.

  MESSAGE BOARD
 

Microsoft said it is up to Netscape to protect the privacy of the scripts in Communicator, no matter where they originated.

"The Microsoft Internet Explorer security model allows a Web site to run any script or program that it trusts," said Scott Culp, a Microsoft security program manager. "The program exposes some fairly powerful functionality that allows a hostile Web site to glean information from a userās machine."

Netscape places the blame for the security hole firmly at Microsoftās door. "Itās only the installation and use of Internet Explorer that leave the user vulnerable," said Eric Krock, a Netscape group manager for tools and components.

One security analyst agreed and said Microsoft should fix the bug itself. "Microsoft built the architecture that made [the hole] possible," said David Perry, a spokesman for antivirus software vendor Trend Micro Inc.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Standards? What standards?: Microsoft does an about-face
  Internet Explorer 5 survival guide

However, Microsoft said it is Netscapeās responsibility to protect the script from attack. "The real problem is Netscape Communicator taking a powerful script and putting it out on your computer in a locale where any Web site can find it out and run it," Culp said.

No incidents of a breach of the hole have been reported.




RELATED STORIES:
Netscape 6: A lean, mean browsing machine
April 5, 2000
Netscape unveils browser
April 5, 2000
Sun-Netscape Alliance goes wireless
February 2, 2000
Netscape takes on Yahoo with open-source model
January 5, 2000
Security hole found in Netscape mail system
December 16, 1999
Take a peek at Communicator 5.0
November 29, 1999
Zona declares Microsoft winner in browser war
November 10, 1999
The battle of the browser sidekicks
July 29, 1999

RELATED IDG.net STORIES:
IE and Navigator patch things up
PC World
Minor Web security threat surfaces
Federal Computer Week
Last rites and fixes for the 4.0 browsers
PC World
Internet Explorer 5 survival guide
PC World
CERT warns of malicious code on Web sites
Computerworld
What your browser doesn't tell you might hurt you
InfoWorld
Standards? What standards?: Microsoft does an about-face
The Industry Standard
JavaScript comes of age
Sunworld

RELATED SITES:
Web Standards Project
Microsoft IE Product Support Page
Netscape Navigator Product Support Page

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.