Critical Flaw Found in Netscape

A "highly critical" unpatched vulnerability in the Netscape browser could potentially allow hackers to compromise Internet users' systems, according to an advisory from a Danish security firm.

The buffer overflow vulnerability could cause the browser to crash. In addition, hackers could create Web sites to exploit the flaw, executing code of their choice on visitors' computers to gain access to users' systems, security company Secunia warns.

The vulnerability has been confirmed in Netscape version 7.2 and has been reported in version 6.2.3, according to the advisory, released late Tuesday. Other versions may also be affected, it says.

Secunia advised Netscape users to switch to another browser until the vulnerability is patched, labeling it "highly critical."

Similar Flaw Found

The vulnerability is related to a previously reported flaw in the Mozilla browser, which shares some code with Netscape, Secunia Chief Technology Officer Thomas Kristensen says. The Mozilla vulnerability has already been patched, he says.

"It's been a while since Netscape has been patched so there's reason to be concerned," Kristensen says.

It is a severe problem because there is no effective workaround, he adds.

Representatives for Netscape, in Mountain View, California, weren't immediately available for comment on Wednesday.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon