Sign up for the Security newsletter

Son of Cache-Cow strikes back at Netscape

By Sally Watson on 9 October 1998 17:13

NEWS Netscape's software upgrade designed to plug the security hole in its Navigator browser is also faulty according to Dan Brumleve, the consultant who discovered the first bug. Netscape released Navigator 4.07 on Monday as a fix for security problems dubbed 'Cache-Cow' by Brumleve. The bug allowed a hacker to inject foreign JavaScript code into Web documents enabling them to steal the contents of a user's cache. But Brumleve claims Netscape has failed to fix the problem properly, and has posted a JavaScript program on his Web site to prove the Cache-Cow problem still exists. He has also written other JavaScripts proving that the security flaw could allow a hacker to steal cookies or the contents of a surfer's local drive. Netscape has posted a security update on its Web site confirming the hole in its latest release, and says it will post a fix as soon as possible.

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters