Netscape Communications has posted instructions to fix a minor security hole in its Communicator browser, offering a corresponding minor upgrade, and blaming the whole problem on Microsoft.
The two browser powers are at odds over who created a security hole that can apparently let hostile Web sites read the links in your bookmark file and possibly some HTML file attributes on a hard drive.
No incidents of a breach of the hole have been reported.
Also, Netscape encourages people to upgrade their browsers to Communicator 4.73, now available through SmartUpdate and on Netscape's site Microsoft's site does not appear to acknowledge or offer advice regarding the bug. And the rivals differ over who should repair the larger problem.
Rivals Point Fingers
Microsoft says it is up to Netscape to protect the privacy of the scripts in Communicator, no matter where they originated.
"The Microsoft Internet Explorer security model allows a Web site to run any script or program that it trusts," says Scott Culp, a Microsoft security program manager. "The real problem is Netscape Communicator taking a powerful script and putting it out on your computer in a locale where any Web site can find it out and run it."
Netscape places the blame for the security hole firmly at Microsoft's door.
"The problem is with Microsoft's Internet Explorer," says Eric Krock, a Netscape group manager for tools and components. "It's only the installation and use of Internet Explorer that leaves the user vulnerable."
One security analyst agrees and says Microsoft should fix the bug. "Microsoft built the architecture that made it [the hole] possible," says David Perry, a spokesperson for antivirus software vendor Trend Micro.
The updated Communicator 4.73 was unscheduled, because the company is preparing a major upgrade, Netscape 6. That version is now in beta testing and is expected to ship this summer.
Jack McCarthy of IDG News Service contributed to this report.