The Test Center highlights noteworthy PC components that came through the lab so far this year. Manufacturers' ability to build components that support both quad- and dual-core hardware platforms continues to impress us.
Acer's latest Aspire Gemstone laptops come just in time for the holiday shopping blitz, targeting consumers with a range of entertainment-focused models.
It's been a busy quarter for shakeups in some of the industry's top channel companies. Here we look at several channel executives who have come and gone in the last few months.
Critical Flaws Open Up Firefox 2.0x To Attack
7:04 PM EDT Wed. Jul. 02, 2008
Researchers at Secunia, a Copenhagen, Denmark-based security company specializing in vulnerability assessment and management, issued a security advisory Wednesday, warning users of multiple errors they deemed "highly critical."
If exploited, the critical vulnerabilities could potentially allow remote attackers to conduct cross-site scripting and spoofing attacks, bypass security restrictions, disclose sensitive or system information, potentially compromise a user's system, access a user's system or launch a denial of service attack, according to the advisory.
In order for the attack to be successful, a hacker would have to entice or trick a user into viewing a malicious Web page or downloading a file infected with malicious code. However, users are only susceptible to exploitation if they're running versions prior to 2.0.0.15, the advisory warned.
Altogether, the vulnerabilities include multiple memory corruptions errors in the layout and JavaScript engine, a flaw in the handling of unprivileged XUL documents, and a bug in the "mozIJSSubSciptLoader.LoadScript" function that allows remote attackers to run arbitrary code with Chrome privileges.
Other errors can only be successfully exploited if an add-on using the affected function is installed. Those include multiple flaws in the block reflow process, the processing of file URLs contained within local directory listings, errors in the implementation of the JavaScript same origin policy and a glitch in the JAR file verification.
Additional errors can be found in the implementation of file upload forms and in the implementation of Java LiveConnect on Mac OS X. An uninitialized memory access error in the process of improperly encoded "properties," and flaws in the processing of "Alt Names" provided by peer trusted certificates and in the handling of Windows URL shortcuts also enable attackers to launch spoofing attacks or to access sensitive information.
Security experts recommend that users apply the latest version of Firefox, 2.0.0.15, onto their computers in order to protect themselves from attack, which can be downloaded from the Mozilla Website.
