Microsoft, Netscape battle over browser hole

Microsoft Corp. and Netscape Communications Corp. are at odds over who is

to blame for a browser-related security hole that could make Web sites vulnerable

to attack from hackers.

Netscape's Communicator browser includes JavaScript, a scripting language

that enables Web authors to create interactive Web sites. It is supported

by script from Microsoft's rival browser, Internet Explorer (IE). However,

some IE scripts that are meant to be accessed only by the user are exposed

to attack in the Communicator browser, a Microsoft official and an independent

analyst confirmed Friday.

Microsoft said it is up to Netscape to protect the privacy of the scripts

in Communicator, no matter where they originated.

"The Microsoft Internet Explorer security model allows a Web site to

run any script or program that it trusts," said Scott Culp, a Microsoft

security program manager. "The program exposes some fairly powerful functionality

that allows a hostile Web site to glean information from a user's machine."

Netscape places the blame for the security hole firmly at Microsoft's

door. "It's only the installation and use of Internet Explorer that leave

the user vulnerable," said Eric Krock, a Netscape group manager for tools

and components.

One security analyst agreed and said Microsoft should fix the bug itself.

"Microsoft built the architecture that made [the hole] possible," said David

Perry, a spokesman for antivirus software vendor Trend Micro Inc.

However, Microsoft said it is Netscape's responsibility to protect the

script from attack. "The real problem is Netscape Communicator taking a

powerful script and putting it out on your computer in a locale where any

Web site can find it out and run it," Culp said.

No incidents of a breach of the hole have been reported.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.