Webware

April 22, 2009 12:05 AM PDT

Firefox 3.0.9 targets 12 security vulnerabilities

by Steven Musil
  • 33 comments

Updated at 11:32 a.m. PST with a summary of the bug fixes.

Mozilla released an update to Firefox 3 on Tuesday that patches 12 security vulnerabilities, four of which it rated as critical.

Firefox 3.0.9, the Web browser's third update this year, fixes two critical vulnerabilities in the Firefox browser engine and two in its JavaScript engine, according to a security advisory posted Tuesday:

Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort, at least some of these could be exploited to run arbitrary code.

One critical security bug fixed crashes caused by memory corruption, which the developers felt could have been used at some point to run arbitrary code.

Two other high-profile bugs involved a misinterpretation of particular Adobe Flash code that could have been exploited, and a URI mismatch that also could have led to arbitrary JavaScript execution. However, there's no evidence in the bugs that these security holes had been exploited.

AOL.com and AIM.com Web mail users should once again be able to view attached images inline and without hiccups. A bug created in Firefox 3.0.7 caused images to break where they had loaded properly in Firefox 3.0.6. Also, users who noticed previously stored cookies mysteriously disappearing should find that bug repaired.

The release comes as Mozilla prepares to release the fourth beta test of Firefox 3.5--the next version of the open-source browser. Mozilla had originally planned to release its new "Shiretoko" version of Firefox in early 2009. But after releasing Firefox 3.1 beta 3 last month, the organization behind the browser said a fourth beta is planned--and with the new version number, 3.5.

Expected changes in Firefox 3.5 include faster execution of Web-based JavaScript programs, a private-browsing mode, native support for the JSON (JavaScript Object Notation) technology for exchanging data between servers and browsers, and built-in audio and video abilities for bypassing Flash or other multimedia technologies.

In March, security-testing company Secunia reported that Mozilla had more vulnerabilities in its Web browser last year than Internet Explorer, Safari, and Opera combined, but that Mozilla dealt with those flaws more quickly than Microsoft did.

Meanwhile, Firefox continues to chip away at Internet Explorer's market dominance. Mozilla now has 22.05 percent of the global browser market share, compared with IE's 66.82 percent, a drop of more than seven percentage points in a year, according to figures from Web metrics company Net Applications.

Updates for Windows, Mac OS X, and Linux are available at the Mozilla site. (Downloads in all languages are available here.) Firefox 3 users will receive an update notification within 48 hours, or they can download the update manually by selecting "Check for Updates" from the Help menu.

CNET's Seth Rosenblatt contributed to this report.

Originally posted at Security
March 4, 2009 7:05 PM PST

Firefox 3.0.7 targets security issues

by Steven Musil
  • 16 comments

Mozilla on Wednesday released an update to the Firefox Web browser that its developers said fixes eight security issues found in Firefox 3.0.6, six of which were rated critical.

The most serious of the vulnerabilities fixed in version 3.0.7 for Windows, Mac, and Linux could allow attackers to run arbitrary code on a victim's computer, Mozilla warned in security advisories Wednesday.

The six critical flaws affect the browser's garbage collection--which monitors how Firefox modules use the computer's memory--as well as the browser's PNG libraries and its layout and JavaScript engines.

Mozilla developers said they weren't sure the layout and JavaScript flaws could be exploited.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla said in an advisory.

Updates for Windows, Mac OS X, and Linux are available at the Mozilla site. Firefox 3 users will receive an update notification within 48 hours, or they can download the update manually by selecting "Check for Updates" from the Help menu.

The update--Mozilla's second this year--comes as Firefox continues to chip away at Internet Explorer's market dominance. Mozilla now has 21.77 percent of the global browser market share, compared with IE's 67.44 percent, a drop of more than 7 percentage points in a year, according to figures from Web metrics company Net Applications.

Originally posted at Security
February 3, 2009 8:50 PM PST

Firefox 3.0.6 targets security issues

by Steven Musil
  • 8 comments

Mozilla on Tuesday released an update to Firefox for Windows, Mac, and Linux that its developers said addresses several security and stability issues in the Web browser.

Version 3.0.6 fixes six bugs, the worst of which is a JavaScript issue affecting the browser's layout engine that developers labeled as critical. The vulnerability, which also affects Mozilla's Thunderbird e-mail client and SeaMonkey Internet Suite, could allow an attacker to run unauthorized code on exploited machines, Mozilla said.

The update improves how scripted commands, such as those included with Adblock Plus, work with plug-ins. It also addresses display issues, Mozilla said.

The update comes as Firefox continues to chip away at Internet Explorer's market dominance. Internet Explorer now has 67.55 percent of global browser market share, a drop of more than 7 percentage points in a year, according to figures from Web metrics company Net Applications released Monday. Mozilla's Firefox browser, meanwhile, has gained market share in the same time frame, climbing more than 3 percentage points to 21.53 percent.

Originally posted at Security
August 4, 2008 10:59 AM PDT

Feedburner under fire for easy hacking of subscription counters

by Josh Lowensohn
  • 1 comment

On Monday Joop Dorresteijn, contributing editor at The Next Web, unveiled a vulnerability in Google-owned feed tracking service Feedburner that lets anyone with some basic copy and paste skills and a Netvibes account pump up their blog subscriber numbers into the hundreds of thousands.

The "hack" is a two-step affair, involving first tweaking an OPML file that lists your subscriptions, then subscribing to said feed in a simple feed-aggregation tool like Netvibes or My Yahoo. The data will then be fed through Feedburner's counters overnight, with the freshly increased numbers showing up the next morning.

Google is likely to fix the loophole by changing the way subscriptions are counted, either by tracking them on a per-service basis or by using a more extensive security system that links each subscription to a central account system. In the meantime, the easiest way to spot blogs that have done this will likely be to keep an eye on abnormally large influxes of subscriptions within a 24-hour period.

You can see a video of how to do this with your own blog below. Just keep in mind that Google is likely to patch this shortly, although it has yet to acknowledge the vulnerability in the company's Feedburner product blog.


Feedburner hacked! from Boris Veldhuijzen van Zanten on Vimeo.
January 16, 2008 9:09 AM PST

Attackers targeting Microsoft Office Excel

by Dawn Kawamoto

Microsoft issued a security advisory late Tuesday warning that malicious attackers are targeting vulnerabilities in versions of its Office Excel.

Microsoft Office Excel 2003 with Service Pack 2; Excel Viewer 2003; Excel 2002; Excel 2000; and Microsoft Excel 2004 for the Mac are affected by the security vulnerabilities, according to the advisory.

People who open a malicious e-mail attachment or visit a malicious Web site may find that their systems are compromised and that arbitrary remote code is executed. Computers configured to allow the user to have administrative user rights are at greater risk than those with few user rights on the system.

Microsoft said it is still investigating the security vulnerabilities but noted the attacks appear to be targeted and not widespread, according to its security blog.

Originally posted at News Blog
January 16, 2007 3:45 PM PST

News Roundup

by Josh Lowensohn

-- IE 7 reaches 100 million users. Even with all those users, it still comes in second to Internet Explorer 6, which makes sense considering IE6 is the default browser on nearly every single PC. (News.com)

-- Google plugs account hijack holes. The vulnerabilities in question affected both Google Documents and GMail, giving hackers full access to your e-mail and spreadsheets. (News.com)

-- Report: Apple to charge some Mac users for wireless technologies. 802.11n, the next-generation wireless protocol, has secretly been shipping in Apple's computers for the past several months, but that functionality hasn't been turned on. Apple is reportedly planning to charge users $4.99 for an installer that will enable the 802.11n functionality on their Macs. (News.com)

-- British band's breakthrough another online victory. The relatively unknown band Koopa came in at No. 31 on the U.K. pop charts due to the new system that counts digital downloads instead of just CD sales. (News.com)

-- AOL phisher faces up to 101 years in prison. Phisher Jeffrey Brett Goodin will spend the rest of his life in prison after being convicted of fraudulently pretending to be AOL's billing department. This is also the first conviction by jury under the Can-Spam Act of 2003. (News.com)
