|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||
Editions | myCNN | Video | Audio | Headline News Brief | Feedback | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Microsoft, Netscape battle over browser hole
(IDG) -- Microsoft Corp. and Netscape Communications Corp. are at odds over who is to blame for a browser-related security hole that could make Web sites vulnerable to attack from hackers. Netscapeās Communicator browser includes JavaScript, a scripting language that enables Web authors to create interactive Web sites. It is supported by script from Microsoftās rival browser, Internet Explorer (IE). However, some IE scripts that are meant to be accessed only by the user are exposed to attack in the Communicator browser, a Microsoft official and an independent analyst confirmed Friday.
Microsoft said it is up to Netscape to protect the privacy of the scripts in Communicator, no matter where they originated. "The Microsoft Internet Explorer security model allows a Web site to run any script or program that it trusts," said Scott Culp, a Microsoft security program manager. "The program exposes some fairly powerful functionality that allows a hostile Web site to glean information from a userās machine." Netscape places the blame for the security hole firmly at Microsoftās door. "Itās only the installation and use of Internet Explorer that leave the user vulnerable," said Eric Krock, a Netscape group manager for tools and components. One security analyst agreed and said Microsoft should fix the bug itself. "Microsoft built the architecture that made [the hole] possible," said David Perry, a spokesman for antivirus software vendor Trend Micro Inc.
However, Microsoft said it is Netscapeās responsibility to protect the script from attack. "The real problem is Netscape Communicator taking a powerful script and putting it out on your computer in a locale where any Web site can find it out and run it," Culp said. No incidents of a breach of the hole have been reported. RELATED STORIES: Netscape 6: A lean, mean browsing machine RELATED IDG.net STORIES: IE and Navigator patch things up RELATED SITES: Web Standards Project | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Back to the top |
© 2001 Cable News Network. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. |