Cenzic 232 Patent
Paid Advertising
web application security lab

Netscape - The Future Of Security Flaws

This is a post I’ve been meaning to make for several years now, and I just now got around to doing it. Netscape is one of the few browsers out there that’s old enough to pre-date most of the security people who hack on browsers. It’s got a long trying history, with lots of problems and lots of successes and in a lot of ways it was one of the most influential browsers out there. I owe a lot to my understanding of the web to Netscape in the early days. There’s a lot to be said for the history. But we aren’t living in the past. Let’s talk about now.

Netscape’s new model is not as the role of a browser company, but more as a wrapper around IE and Firefox. Using versions of Firefox and IE, Netscape wraps them in certain ways depending on the user, to give the maximum browsing experience. Netscape has come a long way in terms of installers too, and their bookmarklets are very cool. However, there is a fundamental flaw in their design - they aren’t current.

Because they do not update as quickly as the other browser manufacturers that they wrap they are always behind the times in terms of vulnerabilities. That means any user who uses Netscape is vulnerable to old Firefox vulnerabilities for months longer than they would be if they used Mozilla. I haven’t seen a shift in that mentality in the nearly four years I’ve been meaning to write this and I don’t see it changing any time soon. If you are using Netscape you are wildly behind the security patching process. I’d love to see Netscape fix this and start updating in near-real-time along side their rivals who they wrap. I don’t see them as a serious competitor to Mozilla or IE, but still. I’d rather them not disappear completely from the planet - if only for nostalgia.

9 Responses to “Netscape - The Future Of Security Flaws”

  1. mybeNi websecurity Says:

    Hey, I got the first Weblog XSS Worm based on several new Wordpress 2.2.1 Security Vulnerabilities I found these days.

    Check it out
    cheers benjamin

  2. Tim Says:

    So funny. I think he needs really the attention :p

  3. navairum Says:

    Great post, I remember using netscape navigator in public school, first browser for me!

  4. Ronald van den Heetkamp Says:

    Ah the nostalgia… yes I really miss that big ship wheel they had when launching the browser and the green/blue colors. I really favored it above MSIE that time. Strangely I did not know much about Opera that time, but Opera is pretty old also.

    I had netscape navigator re-installed last year to take a peek at it again, I have a CD full of old browsers, mostly for testing and learning :)

  5. AskTheAdmin Says:

    Yup Netscape was my first browser as well! I loved to be different even then! Take that IE!

    Great post from your friends @ http://www.askTheAdmin.com

    Stop by & Say whats up!

  6. sil Says:

    Man I just visited this website I think it was called webfringe … rs ;) Shoot me an email or jump on efnet and /wii me sir

  7. Me Says:

    Today’s “Netscape” basically has nothing to do with yesterday’s “Netscape”. It’s just a brand that was resurrected by AOL. [See: Brand Necrophilia… http://jwz.livejournal.com/268332.html]

    All the original Netscape brainpower went to Mozilla and other places in the post-Netscape-4.7 days. It’s unfortunate to see what AOL is doing with the name these days…

  8. hackathology Says:

    Same here. I owed a lot to netscape. That was the first browser i ever use when both netscape and microsoft were available at that time. I found netscape much better than microsoft and of course, now time had changed..

  9. Wladimir Palant Says:

    I don’t know much about the original Netscape, but ever since AOL bought it the Netscape brand was only a marketing tool. AOL makes it very clear that it doesn’t care the least about users, so why do security updates? Both Netscape 7.1 and Netscape 7.2 have been advertised as “top notch technology” even when they were over a year behind Mozilla releases (and had the corresponding amount of known security issues). And that was when a few original Netscape developers were still working on it - once AOL outsourced the development things could only get worse. I would prefer if AOL finally let it die. Brand necrophilia…