Mozilla (which IS Netscape) versions prior to 0.9.7 are apparently vulnerable to malicious website operator code that allows cookies on the local system to be retrieved. This is not a huge risk if websites use cookies properly (after all, they are clear text and, in general, not protected at all). However, many, many websites and website operators are negligent (or just plain dumb) and store usernames and passwords in clear text cookies that identify the site. Combine that with the fact that most users use the same username and password (or some semblance) for EVERY site, and there could be big problems if the cookies are exposed.
To eliminate this risk, get the latest Mozilla (0.9.8 plus nightly build). It works fine and also fixes a few JavaScript issues.
Also, if you are a software developer or website operator, DON'T USE COOKIES. If you MUST use cookies for some silly feature like "auto login" (which is a bad idea in my opinion), then DON'T store the password in clear text in the cookie. For other stuff, DON'T USE COOKIES; keep it server side. Users can create their own "auto login" features without cookies. Modern browsers do this AND have security settings and encryption to protect information. Drop the cookies altogether and put up a "howto" page that explains to users how to save this information more securely using their browser.
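For sites that keep "auto login" anyway, the sketch below shows a cookie that carries no credentials. It is an added example, not code from the original post: the cookie holds a random single-use token and the server stores only its hash. The cookie name `autologin`, the 30-day lifetime and the in-memory dict standing in for a database table are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600   # assumed lifetime: 30 days
COOKIE_NAME = "autologin"    # assumed cookie name

# Server-side store (a dict stands in for a database table):
# sha256(token) -> (username, expiry). The raw token is never stored,
# so a leaked table cannot be replayed as cookies.
_store = {}

def _digest(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()

def issue_token(username, now=None):
    """Return an opaque cookie value for `username`; it holds no credentials."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _store[_digest(token)] = (username, now + TOKEN_TTL)
    return token

def redeem_token(token, now=None):
    """Validate a presented cookie value. On success return
    (username, replacement_token); the presented token is revoked either way.
    Return None for unknown, reused, expired or malformed tokens."""
    now = time.time() if now is None else now
    try:
        key = _digest(token)
    except (UnicodeEncodeError, AttributeError):
        return None
    record = _store.pop(key, None)
    if record is None:
        return None
    username, expiry = record
    if now >= expiry:
        return None
    return username, issue_token(username, now)

def revoke_all(username):
    """Drop every outstanding token for a user (e.g. after a password change)."""
    for key in [k for k, (u, _) in _store.items() if u == username]:
        del _store[key]

def cookie_header(token):
    """Set-Cookie value: HTTPS only, hidden from page scripts."""
    return (f"{COOKIE_NAME}={token}; Max-Age={TOKEN_TTL}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")
```

A cookie exposed through a browser bug like the one above then yields one revocable token for one site, not a password the user may have reused elsewhere.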
For more info on this exploit, see the linked Register story: Cookie Monster Netscape and Mozilla vulnerability (The Register)