Firefox, Thunderbird, SeaMonkey security

The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird email client and SeaMonkey Internet applications suite.

The bugs, deemed critical, are detailed in Mozilla’s Security Advisory 2007-12. They include multiple vulnerabilities in Mozilla’s Layout Engine and in its JavaScript engine that can result in memory corruption and lead to system takeover or DoS (denial of service). The function of a layout engine is to handle content such as HTML, XML, image files and applets as well as formatting information including CSS (Cascading Style Sheets) and presentational HTML tags. The layout engine displays the formatted content on-screen, filling in the browser’s content area.

Posted on: June 7, 2007 9:00 am

Companies adopt .Net Micro

Microsoft officials said two partner companies are adopting the .Net Micro framework for their device and processor support.

At its TechEd 2007 show, Microsoft announced that it is enabling embedded systems developers by porting the .Net Micro Framework to Analog Devices’ Blackfin processors.

The .Net Micro Framework brings the modern programming paradigm of Microsoft’s .Net environment to the embedded world, Colin Miller, product unit manager of the .Net Micro Framework, said in an interview with eWEEK. The .Net Micro Framework expands Microsoft’s embedded offerings into a new market of devices that are based on low-cost 32-bit processors and are constrained in terms of memory, battery power or other resources, he said.

Posted on: June 7, 2007 9:00 am

Notes, SharePoint 2007 connectivity

Proposion Software announced Proposion On Demand, a new product that enables Lotus Notes users to connect with Microsoft SharePoint directly from their desktops. From their Notes client, users can effortlessly archive or migrate Notes content including emails and other documents. This functionality will be available via LotusScript and can be easily incorporated into any Notes/Domino application.

Posted on: June 7, 2007 9:00 am

Visual Studio 2008

Microsoft has given a formal name to its next version of Visual Studio and said a second beta is upcoming.

At its TechEd 2007 conference, Microsoft announced that the next version of Visual Studio, which has been known by the code name "Orcas," has been dubbed Visual Studio 2008.

Posted on: June 7, 2007 9:00 am

Live Meeting update

Microsoft is raising the stakes in the Web conferencing space by broadening and deepening the capabilities of its Live Meeting Web conferencing service.

The company, which introduced the new version of Live Meeting at its TechEd developer conference in Orlando, Fla., June 4, is a relative late entrant into a highly competitive market. So as it squares off against the likes of Cisco, which recently bolstered its own offering with the acquisition of WebEx, Microsoft is focusing on its core strengths, such as ease of use.

Posted on: June 7, 2007 9:00 am

MS gives exploit code

Saying that an Internet Information Server exploit is due to a feature, not a flaw, Microsoft has published exploit code for the flaw but no workaround or patch. (Microsoft has removed the exploit code since this story first posted, saying that it was posted inadvertently.)

The exploit, which was discovered on Dec. 15, 2006, and made public at the end of May, works against IIS 5.x. By design, versions 5.x allow bypass of basic authentication by using the "hit highlight" feature. The hit-highlighting feature can be used by an unauthorized user to grab documents to which he or she has no privileges.

Posted on: June 7, 2007 9:00 am

Businesses struggle to secure data

Business leaders rank the importance of securing their own data above securing their customers’ data, according to a recent survey of IT executives.

Customer data ranks third on the list of items business leaders worry about protecting from data breaches, according to a poll of 649 IT executives for a study by the Ponemon Institute. Intellectual property and confidential business information took top billing.

Posted on: June 7, 2007 9:00 am

Microsoft teams with Xandros

Microsoft and Linux distributor Xandros announced a technical and legal collaboration, the latest step in the software giant’s ongoing program to partner with open-source companies.

Over the next five years, the two companies said, they will work on improving interoperability between their servers to improve systems management.

The pact calls for Microsoft to provide patent covenants for Xandros customers that ensure they are not infringing on Microsoft’s intellectual property, according to the companies.

Xandros will also ship software for desktop productivity applications that translates between the Open Document Format and OpenXML, which is Microsoft’s own document format.

Posted on: June 7, 2007 9:00 am

Reply to All: Leave Me Alone

Last month, venture capitalist Fred Wilson drew a lot of attention on the Internet when he declared a 21st century kind of bankruptcy. In a posting on his blog about technology, Wilson announced he was giving up on responding to all the email piled up in his inbox.

"I am so far behind on email that I am declaring bankruptcy," he wrote. "If you’ve sent me an email (and you aren’t my wife, partner, or colleague), you might want to send it again. I am starting over."

College professors have done the same thing, and a Silicon Valley chief executive followed Wilson’s example the next day.

The supposed convenience of electronic mail, like so many other innovations of technology, has become too much for some people. Swamped by an unmanageable number of messages – the volume of email traffic has nearly doubled in the past two years, according to research firm DYS Analytics – and plagued by annoying spam and viruses, some users are saying "Enough!"

Posted on: June 4, 2007 9:00 am

Java problems in QuickTime

Apple is recommending that all QuickTime users – both on Windows and Mac OS X – download its update for Version 7.1.6 to fix a pair of security glitches. The company posted the updates on May 29.

The first problem, in QuickTime for Java, can lead to users having their systems hijacked if they visit a malicious site. The flaw can allow instantiation or manipulation of objects outside of the bounds of the allocated heap. If a user gets lured to a site containing a maliciously crafted Java applet, an attacker can trigger the vulnerability and take over the target system.

The second glitch also is related to QuickTime for Java in that a Web browser’s memory can be read by a Java applet. Like the other problem, a user has to visit a site with a maliciously crafted Java applet. Upon luring a victim to such a site, an attacker can take advantage of the vulnerability and thereby may be able to read sensitive information off the victim’s system.

Posted on: June 4, 2007 9:00 am