Navigator cookie security

[oliver () LINEHAM CO NZ (Oliver Lineham)]

More on the topic of Navigator cookie security,

You may recall the discovery in December of a cookie bug affecting
virtually all browsers (including Netscape), relating to the cookie domain
restriction.
(http://homepages.paradise.net.nz/~glineham/cookiemonster.html)

Two points with regards to Netscape/Mozilla:

1)  The bug report page on netscape.com claims that the bug is fixed from
v4.51 (http://help.netscape.com/kb/client/981231-1.html). This is a lie
(see for yourself)

2)  Netscape/Mozilla decided against fixing this security hole, because it
would break Yahoo Mail - who uses sloppy cookie code. Rather than notifying
Yahoo, the fix was simply dropped.

Summary:  All Netscape browsers, past, present, and future, have the bug.

You can read the (lengthy) discussion amongst Netscape engineers on this
issue, on http://bugzilla.mozilla.org/show_bug.cgi?id=8743  (contains both
Bugzilla and Bugsplat comments)

As an aside, versions of IE released since Microsoft was notified, do not
exhibit this bug.

> As Netscape has not acknowledged my email or bug report from last week,

When I contacted them, they never did respond.  At all.  The only way I
knew they got the message was when my friend stumbled over the bug report
page on netscape.com, a few weeks later.

Regards,

Oliver Lineham

___________________________________________________
   v i b e   m e d i a    http://www.vibe.co.nz/
wellington, new zealand    oliver () lineham co nz
phone +64 4 566-0627       facsimile +64 4 570-1900