Netscape has admitted that versions of its Navigator browser could expose users to malicious websites.

According to a security note published on Netscape's website, Navigator Versions 6 through to 6.2 contain a security flaw that could allow a malicious website to read the cookies that another site has stored on a user's computer.

The vulnerability also affects version 0.9.6 and earlier versions of the open source version of Navigator, Mozilla.

Netscape encourages all users of Navigator 6 through 6.2 to upgrade to version 6.2.1, which it said does not contain the flaw. The vulnerability does not affect users of Netscape Communicator 4.x, the company said.

US researcher Marco Slemko, who discovered the flaw, said that the bug in Mozilla allows an attacker to steal a user's cookies for any given domain if the attacker can convince the user's browser to load a given URL.

"It does not require that active scripting is enabled in the browser and can be done with something as simple as an image tag, allowing for hassle free use in HTML email and web-based email services," said Slemko.

He claims to have first reported the bug to Netscape in November 2001.