Security News > 1999 > October > IE5 security bugs prevent 5.01 release
From: "Noonan, Michael D" (Courtesy of Paul Thurrott's WinInfo e-newsletter) Buggy IE 5 causing fits for Microsoft It may be the dominant Web browser and the overwhelming technological champion, but Internet Explorer 5.0 is causing fits for Microsoft Corporation. Bug after bug has plagued the Web browser since its release in March, and now, just six months later, its seems a week doesn't go by without some new problem cropping up. This week, IE 5.0 was hit by not one, but two new bugs, one of them fairly surface. And a reeling Microsoft can't seem to ship IE 5.01--which will include a massive collection of bug fixes--soon enough. Bug-tracking Web site BigFix (http://www.bigfix.com) has identified what it describes as a "serious" bug, which can compromise the security of PCs on a local network, even if they're behind a firewall. Using a security hole in Internet Explorer 5.0, malicious intruders would be able steal files off of a computer from over the Internet. BigFix recommends that users disable Active Scripting as a temporary workaround, since Microsoft has yet to come up with a fix. The company says, however, that a patch will be posted to its Security Web site as soon as its available: http://www.microsoft.com/security/default.asp Meanwhile, another bug site, BugNet (http://www.bugnet.com), has identified another, less serious, bug in Internet Explorer that could cause problems with XML, the eXtensible Markup Language that many Web sites are beginning to use. Microsoft's HTML rendering engine in Internet Explorer can strip quotes out of HTML attribute strings in certain situations, rendering them incompatible with the new XML standard. Microsoft is aware of the problem, though they've been mum about any potential fixes. If you're using Internet Explorer 5.0, you might want to make sure that your install has the latest bug fixes installed. To do, visit Windows Update (if you're a Windows 98 or 2000 user) or the Microsoft Security Web site. Netscape releases Communicator 4.7 Netscape Communications released the latest version of its Web browser suite, Communicator 4.7, this week. Communicator 4.7, which ships in a variety of editions, is a free collection of software that allows users to browse and communicate over the Internet. New to version 4.7 is a "Shop" toolbar button, which directs the user to Shop () Netscape, the company's new eCommerce portal. Despite the recent release of the suite, it includes some oddly out of date components, such as older versions of AOL Instant Messenger and RealAudio. But the new version is also the first to bundle WinAMP, a free multimedia player that plays MP3 audio files. Communicator 4.7 also includes a new version of Netscape Radio, the online radio service that allows you to listen to live streaming audio over the Internet. Do download Netscape Communicator 4.7, please visit the Netscape Web site: http://www.netscape.com/computing/download/ ISN is sponsored by Security-Focus.COM