We’ve heard from AOL about the security issues. Updating to Netscape 8.0.1 makes it as safe as Firefox 1.0.4.
Murdok has learned more about the rampant bugfest in Netscape 8. A spokesperson from AOL provided these details:
Said Andrew Weinstein: “The reason for the update was that we had been misinformed by an external security vendor we had retained that the Firefox 1.0.3 security issues did not affect us.
“Within hours of discovering that the vendor was not accurate yesterday, however, we addressed those issues and posted an updated version of the browser. We will always take immediate action to protect our users from security threats.”
Mr. Weinstein also noted that the updated version of Netscape fixed 3 issues instead of 41 that were not already resolved in the earlier version. So it sounds like a bit of miscommunication, understandable, but one that probably should have been avoided and likely will be in the future.
**********
Netscape claimed its trust features would mitigate the potential for phishing scams, which utilize cross-site scripting. But it appears the engineers missed a few bugs. Forty-one of them as of this morning were listed on Netscape 8’s security alert page.
UPDATE2 – Now, Murdok has learned from AOL this information was incorrect. Of those 41 listed bugs, 38 had been fixed prior to the release of Netscape 8, and should not have been listed on the security alert page.
Three issues, MFSA 2005-42, 43, and 44, were problems that had to be addressed. With the release of 8.0.1, those holes have been closed.
For users brave enough to go back to the past and try Netscape 8, its positive features include a warning system against possible phishing sites, tabbed browsing, site trust control options with automatic updating of trusted sites, and toolbars that can be reduced to a single button on the taskbar.
AOL let most of the Netscape development team go in 2003 after acquiring the browser. Since then, AOL has outsourced Netscape’s development to a Canadian firm. It is hoped they can be more proactive about fixing bugs.
According to the Secunia security firm, 52 percent of bugs in Netscape 7 were never fixed, based on 21 reported advisories for the browser. In light of updated information courteously provided by AOL, Netscape 8.0.1 has been updated proactively.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
