Hopefully, Netscape hasn't started pressing CDs yet. The "final" release of Communicator (v.4.02, the third since the suite became available on the Net in June) has a security bug that allows malicious sites to track the activities of visitors.

Andre Dos Santos, a graduate student at the University of California, says he has discovered several JavaScript flaws in Communicator 4.01a and 4.02. The bugs allow a hacker to grab data that's input by Communicator users, such as passwords and credit card numbers.

Netscape security group leader Taher Elgamal confirmed that the bug exists today and hopes to have more information soon