Back when the Beta version of Netscape 8 was released to the public, I stated in a previous blog entry, that:
The plugin used to access Internet Explorer’s rendering engine opens Netscape 8 to the same security vulnerabilities Internet Explorer has, regardless of what rendering engine is being used.
To further explain this, there is a file in the plugins folder called npTrident.dll. The name of Internet Explorer’s rendering engine is Trident. If you enter about:plugins in Netscape 8 you’ll see that the trident plugin is enabled for the MIME types text/HTML, text/plain, text/xml and application/xml. Any website that detects you are using Netscape 8, could use an <embed> to feed you an Internet Explorer exploit, even if you’re surfing in the Firefox mode.
Well apparently this vulnerability has been fixed in the final release of Netscape 8.0. (currently at 8.0.1)
For more info see http://www.stonie.co.uk/nsbvuln.html
1 Response
Comments are closed.