More on the topic of Navigator cookie security,
You may recall the discovery in December of a cookie bug affecting
virtually all browsers (including Netscape), relating to the cookie domain
restriction.
(http://homepages.paradise.net.nz/~glineham/cookiemonster.html)
Two points with regards to Netscape/Mozilla:
1) The bug report page on netscape.com claims that the bug is fixed from
v4.51 (http://help.netscape.com/kb/client/981231-1.html). This is a lie
(see for yourself)
2) Netscape/Mozilla decided against fixing this security hole, because it
would break Yahoo Mail - who uses sloppy cookie code. Rather than notifying
Yahoo, the fix was simply dropped.
Summary: All Netscape browsers, past, present, and future, have the bug.
You can read the (lengthy) discussion amongst Netscape engineers on this
issue, on http://bugzilla.mozilla.org/show_bug.cgi?id=8743 (contains both
Bugzilla and Bugsplat comments)
As an aside, versions of IE released since Microsoft was notified, do not
exhibit this bug.
>As Netscape has not acknowledged my email or bug report from last week,
When I contacted them, they never did respond. At all. The only way I
knew they got the message was when my friend stumbled over the bug report
page on netscape.com, a few weeks later.
Regards,
Oliver Lineham
___________________________________________________
v i b e m e d i a http://www.vibe.co.nz/
wellington, new zealand [EMAIL PROTECTED]
phone +64 4 566-0627 facsimile +64 4 570-1900
