Tech Alert Briefing for 1/30/2002
Netscape Browser Vulnerable to Cookie Theft
A flaw was recently discovered in Netscape 6 through 6.2 versions of the Netscape browser. Thevulnerability could enable an attacker to potentially gain access to the user's authentication credentials stored in a cookie. With access to these credentials, an attacker may masquerade as an authorized user and execute transactions with the same privileges as the authorized user.Netscape reports that there are no known instances of this flaw being exploited.
This issue does not affect users of Netscape 6.2.1, which is currently available for download, nor does it effect users of Netscape Communicator 4.x versions. Netscape users of versions 6 through 6.2 should upgrade to the recently released Netscape 6.2.1 browser.
Previous Tech Alerts:
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed
First published on 01/29/2002