Netscape has yet to fix a security hole in its Navigator Internet browser that could allow hackers to read information from users' hard discs.
A flaw in the browser's Java implementation that exposes data to malicious applets causes the vulnerability.
It affects all current versions of Navigator up to 4.74 and could be triggered simply by visiting a Web site.
The malicious Java applet can run on a user's PC without their knowledge and turn Netscape into a Web server. It can publish all documents and directories on the local hard disc to any other Internet user who connects to the affected machine.
The hole runs without any download by the user, however, the potential damage is limited because the applet cannot change any files or damage the hard disc.
Netscape has yet to post a fix for the problem but is adamant that the flaw is not repeated in Netscape 6, now in public beta test. Spokesman Andrew Weinstein was reluctant to comment on the issue in any detail. In a prepared statement he said, "Netscape takes all security issues very seriously. We are working to quickly evaluate and address this concern and we plan to make a patch available in the near future."
A company firewall should protect users, but for firms that lack this elementary protection the only fix is to disable Java in Netscape. Iain Franklin of ClickNet Security said, "As a general precaution, automatic Java execution should not be enabled in browsers."