Bell Labs uncovers JavaScript bug
This week's browser bug is brought to you courtesy of Bell Labs, where a researcher discovered what is being described as a "significant flaw" in the JavaScript language used in World Wide Web browsers from Microsoft Corp. and Netscape Communications Corp.

Both Netscape and Microsoft are working on fixes for the problem. Netscape already has a bug fix on its Web site for Navigator 3.x and will post a fix for Communicator 4.0 next week, according to David Andrews, senior security product manager.

"Let's get this straight. This flaw does not allow hackers to gain access to what is held on a user's hard disk," Andrews said. "It allows information being passed between a user and an unscrupulous Web site, such as cookies and [uniform resource locators], to be captured."

The flaw, discovered by researcher Vinod Anupam, also enables an unscrupulous Web site to load a Trojan horse and gain access to information a user is filling out on a form on the site, Bell Labs officials explained.

"The easiest way to disable the flaw is to turn off JavaScript," said Chris Pfaff, spokesman for Bell Labs. "We actually discovered the flaw on June 24, and we notified both Netscape and Microsoft."

Although no incidents of attacks have been reported, this problem highlights credibility concerns about the industry, according to users.

"The seriousness of the flaw is almost irrelevant," said Wilton Risenhover, CEO of X-Radio, Inc., a Web-based alternative music store in San Francisco. "I would almost prefer some stability to all this bleeding-edge technology in Java, because every time there is a bug scare, the world just shakes its head and asks when the engineers are going to be able to make the Web safe for us to spend money."

However, one analyst wasn't that concerned.

"It's good that these bugs are being discovered. What you have to understand is that this is a very immature industry," said Evan Quinn, an analyst at International Data Corp. in Mountain View, Calif. "But I don't think that this is going to bring either Netscape or Microsoft to its knees."
by Niall McKay