 |
|
| technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
MS, Netscape battle over browser bug
|
(IDG) -- Microsoft and Netscape Communications are at odds over who is to blame for a browser-related security hole that could make Web sites vulnerable to attack from hackers.
 | MESSAGE BOARD | |
|
| ||
Netscape's Communicator browser includes JavaScript, a scripting language that enables Web authors to create interactive Web sites and is supported by script from Microsoft's rival browser Internet Explorer (IE). However, some IE scripts which are only meant to be accessed by the user are exposed to attack in the Communicator browser, a Microsoft official and an independent analyst confirmed Friday.
Microsoft said it is up to Netscape to protect the privacy of the scripts in Communicator, no matter where they originated from.
"The Microsoft Internet Explorer security model allows a Web site to run any script or program that it trusts," Scott Culp, a Microsoft security program manager, said today in a telephone interview. "The program exposes some fairly powerful functionality that allows a hostile Web site to glean information from a user's machine."
| MORE COMPUTING INTELLIGENCE |
IDG.net home page
|
| Make your PC work harder with these tips |
| Download free PC software fast |
| TechInformer: The Thinking Internaut's Guide to the Tech Industry |
| IDG.net's products pages |
| Reviews & in-depth info at IDG.net |
| E-BusinessWorld |
| IDG.net's Windows software page |
| Questions about computers? Let IDG.net's editors help you |
| Subscribe to IDG.net's free daily newsletters |
|
Search IDG.net in 12 languages |
Netscape places the blame for the security hole firmly at Microsoft's door.
"The problem is with Microsoft's Internet Explorer," Eric Krock, a Netscape group manager for tools and components, said in a telephone interview. "It's only the installation and use of Internet Explorer that leaves the user vulnerable."
One security analyst agreed and said Microsoft should fix the bug itself. "Microsoft built the architecture that made it (the hole) possible," David Perry, a spokesman for antivirus software vendor Trend Micro, said in a telephone interview.
However, Microsoft said it is Netscape's responsibility to protect the script from attack.
"The real problem is Netscape Communicator taking a powerful script and putting it out on your computer in a locale where any Web site can find it out and run it," Microsoft's Culp said.
No incidents of a breach of the hole have been reported as yet.
RELATED STORIES:
Suspected hacker may face extradition requests
May 9, 2000
Meet the magic man behind the Web's brightest ideas
May 4, 2000
Protecting consumers from lousy software
April 26, 2000
IE 5.5 criticized for lack of Web standards
April 12, 2000
Netscape 6's bold new interface
April 11, 2000
RELATED IDG.net STORIES:
Netscape posts security fix
(PC World Online)
Microsoft denies blame for Netscape browser bug
(IDG.net)
Netscape's new offensive in the old browser war
(The Industry Standard)
Group blasts IE 5.5 for lack of Web standards
(IDG.net)
Netscape 6: A lean browsing machine
(PC World Online)
New weapon bolsters crackers' arsenals
(Computerworld)
Win 2000 at center of security storm
(Network World Fusion)
RELATED SITES:
Netscape
Microsoft
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.