Tech Alert Briefing for 1/30/2002
Netscape Browser Vulnerable to Cookie Theft
Web sites use cookies to store user information and possibly authentication credentials used for session management making it easier for users to to move efficiently across the Internet without having to remember usernames and passwords to sites they visit. While cookies allow a great many benefits, users must remain vigiliant to potential vulnerabilities that could comprise security.
A flaw was recently discovered in Netscape 6 through 6.2 versions of the Netscape browser. Thevulnerability could enable an attacker to potentially gain access to the user's authentication credentials stored in a cookie. With access to these credentials, an attacker may masquerade as an authorized user and execute transactions with the same privileges as the authorized user.Netscape reports that there are no known instances of this flaw being exploited.
This issue does not affect users of Netscape 6.2.1, which is currently available for download, nor does it effect users of Netscape Communicator 4.x versions. Netscape users of versions 6 through 6.2 should upgrade to the recently released Netscape 6.2.1 browser.
Previous Tech Alerts:
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed