According to a blog posting from F-Secure Corp., its researchers discovered at least four different code-laden...
posts at about 5:00 a.m. eastern time Wednesday.
The attacks appeared in the form of pop-up boxes when visitors viewed certain pages on the Netscape.com site. Screen shots on the F-Secure Web site depict pop-up messages that read, "Tom Way is the sexiest man alive," "this site [expletive]. go here instead," and "Hi to all you diggers out there ;)."
Weinstein said the vulnerability was quickly discovered and addressed Wednesday morning. He said the Netscape team is monitoring the site closely for any further issues, but it has received no reports of any of its users being compromised in any way.
Mikko Hypponen, research director with the Finnish security firm, confirmed that the attack vector was a persistent cross-site scripting vulnerability in the site's newly launched news service, which seeks to emulate community news sites like Digg.com that enable visitors to recommend news articles from around the Web.
"The new Netscape user interface allows end-users to post HTML code that will be viewable by everyone else," Hypponen said. "This allows the user to enter script code and potentially malicious content to the public pages on Netscape.com.
Hypponen said before the issue was corrected, anyone with even a cursory knowledge of creating cross-site scripting exploits could have easily caused harm to Netscape visitors.
"One particularly nasty scenario is when this issue is combined with a browser exploit, for example, the one exploiting the Windows Meta File vulnerability in IE," Hypponen said. "In that case, Netscape visitors with unpatched machines could have their machines hacked."
He also noted that such an exploit could also have been used for phishing attacks.
It's unclear whether Netscape was targeted because of its controversial site redesign. Last month the site migrated away from its long-time portal-like design that emulated sites like MSN.com and Yahoo.com.
While Netscape has claimed that its users have largely approved of the change, a Web petition sponsored by Netscape user Ernie Jenkins was spawned to protest the change. So far it has garnered 1,431 signatures.
"It appears that some of the language in the redirects referred to Digg.com," Weinstein said, "so it's a safe assumption that some of those who posted them were fans of Digg."
Added Hypponen, "Netscape's new 'Digg-like' interface generated lots of interest and apparently somebody tried to stretch the limits of user-controlled content."