Note 1: This weakness (very short key length) which allowed those particular attacks are imposed to Netscape by the stupid US ITAR regulation. So the situation could improved if strong crypto (good software, large keys, no escrows) finally become legal... It's up to YOU !
Note 2 This weakness was due to bad programming (and IMO bad policy by trying to achieve security through obscurity), but is somehow only a ``bug'' and Netscape promised to fix it and to have the code examined by experts. So maybe we will have a good common use crypto software some day... Let's note that free implementations, with source available (aka PGP or free SSL from Leay,...) are probably even better and safer.
Or, funnier, follow there
to see my Animated Crash ! (client pulled).
(This does not `work' if you use a proxy/cache configuration (check the preferences/proxies in option menu) or newest Netscape)
This problem is potentially very dangerous, because you might be able
to make netscape execute anything by appropriatly trashing its
stack (instead of making the simple crash you can experience
above). A demonstration is being worked upon...
Note that a lot of other browsers share this bug (Lynx, Arena, Mosaic,...) and that you might crash your proxy server too, following those url !
New York Times article or Wall Street Journal's about that new bug.
Learn more here!
Netscape finally released a statement that looks good: Netscape official position. Congrats!
For the first problem, see ITAR pages for fixes (that is lobbying to allow through privacy)...
Netscape fixed the last two bugs, so If you have a netscape copy older than Sept 95 (ie 0.9, 1.0, 1.1 for all platforms or 1.2beta for Windows) then Get the latest here ! (slow netscape pages) or directly FTP on Swedish (ftp.sunet.se:/pub/www/Netscape/netscape) mirror (If you are in Europe)
You might want to have a look at http://http.cs.berkeley.edu/~gauthier/endpoint-security.html for a discussion on other kind of attacks...