A security flaw in Netscape's Navigator Web browser can allow
hackers to view the information stored in cookies on a user's
computer, according to a security note published on Netscape's Web
site.
The vulnerability affects Navigator versions 6.0 through to 6.2, as
well as version 0.9.6 and earlier versions of the open source
version of Navigator, Mozilla, according to an analysis written by
Marc Slemko, who discovered the bug.
Slemko said the bug can be exploited by causing users to visit a
Web address inserted into HTML code on a Web page or in an
HTML-formatted e-mail. If the user were to view the malicious Web
site, cookies could be stolen off the user's computer, Slemko
said.
Cookies are small data files used by many Web sites to track user
visits, preferences and identity. If a cookie is readable, it can
be used to impersonate the rightful owner of that cookie on a Web
site.
Netscape urges all users of Navigator 6 through 6.2 to upgrade to
version 6.2.1 which does not contain the flaw. Mozilla users should
upgrade to version 0.9.7, which also contains the fix.
Users can upgrade the Netscape browser at
home.netscape.com/computing/download/index.html or Mozilla
at
www.mozilla.org