A security flaw in Netscape's 4.0 Web browsers--including the just-released Communicator 4.5 beta--was discovered this week. The bug allows malicious Java applets to disable the browser's security settings, making the user's system vulnerable to attack.
"The potential consequences are as severe as they could be," said Edward Felten, director of Secure Internet Programming, the group that found the flaw. "Once you penetrate the security of the browser, then there isn't [any] more protection. Someone can write an applet that can seize control of the victim's machine and delete or modify files, spread viruses, or whatever."
Netscape is not aware of any actual abuse of the flaw, which requires extensive knowledge of Java programming.
"It's not trivial," said Eric Byunn, the group product manager for Communicator. "You would have to be a very sophisticated Java programmer."
Netscape will patch the hole with a future release of Communicator 4.x. It will also be fixed in 4.5.
For more details, please visit the Secure Internet Programming Web site.