Science & Technology World

Mozilla, racing to release Firefox 3.6 by the end of the year , issued a fifth, and likely final, beta version of the new browser. The open-source browser backer announced the new Firefox beta (download for Windows and Mac OS X ) in a blog announcement Thursday. Firefox 3.6 builds in a feature called Personas for customizing the browser's appearance, adds the File interface for better file management such as selecting what to upload, and, my personal favorite, placement of new tabs next to the ones that spawned them . A total of 127 bugs were fixed since the fourth beta, but this time Mozilla didn't announce any new features . The first Firefox 3.6 beta arrived in October. Mozilla had considered issuing its first Firefox 3.6 release candidate this week: "If we can go to build today or tomorrow, QA [quality assurance] will scrap Beta 5 and we'll release RC to the beta audience ASAP," the Mozilla meeting notes said.

Firefox was the application that had the most reported vulnerabilities this year, while holes in Adobe software more than tripled from a year ago, according to statistics compiled by Qualys, a vulnerability management provider. Qualys tallied 102 vulnerabilities that were found in Firefox this year, up from 90 last year. The numbers are based on running totals in the National Vulnerability Database . However, the high number of Firefox vulnerabilities doesn't necessarily mean the Web browser actually has the most bugs; it just means it has the most reported holes. Because the software is open source, all holes are publicly disclosed, whereas proprietary software makers, like Adobe and Microsoft, typically only publicly disclose holes that were found by researchers outside the company, and not ones discovered internally, Qualys Chief Technology Officer Wolfgang Kandek said late on Wednesday. Meanwhile, Adobe took the second-place spot from Microsoft this year. The number of vulnerabilities in Adobe programs rose from 14 last year to 45 this year, while those in Microsoft software dropped from 44 to 41 , according to Qualys. Internet Explorer, Windows Media Player and Microsoft Office together had 30 vulnerabilities. A shift in focus The numbers illustrate the trend of attackers turning their focus away from operating systems and toward applications, Kandek said. "Operating systems have become more stable and harder to attack and that's why attackers are migrating to applications, he said. "Adobe is a huge focus for attacks now, around 10 more than Microsoft Office. However, other widely used targets like Internet Explorer and Firefox are still far from secure." Research from F-Secure earlier this year provides further evidence that holes in Adobe applications are being targeted more than Microsoft apps. During the first three months of 2009 , F-Secure discovered 663 targeted attack files, the most popular type being PDFs at nearly 50 percent, followed by Microsoft Word at nearly 40 percent, Excel at 7 percent, and PowerPoint at 4.5 percent. That compared with Word representing nearly 35 percent of all 1 ,968 targeted attacks in 2008 , followed by Reader at more than 28 percent, Excel at nearly 20 percent, and PowerPoint at nearly 17 percent. As a result, Adobe needs to respond the way Microsoft did in 2002 when it launched its Trustworthy Computing initiative , and make securing its software a company-wide priority, researchers say . F-Secure even recommended that people stop using Reader and use an alternative PDF reader. Adobe has taken some action, announcing in May that it would release its security updates on a regular schedule, quarterly and coinciding with every third Microsoft Patch Tuesday. Another study released this week focuses on which applications are the riskiest to users. Based on the most severe vulnerabilities in popular applications that run on Windows and which are not updated automatically, Firefox again tops the list, followed by Adobe Reader and Apple QuickTime, according to Bit9 , a provider of application whitelisting technology. The list of risky software compiled by Bit9 based on the National Vulnerability Database also includes Java, Flash Player, Safari , Shockwave, Acrobat, Opera, Real Player, and Trillian. Last year, the Bit9 list of the most risky apps included Skype, Yahoo IM, and AOL IM, but those three were not on this year's list. Not included on the list are programs from Microsoft and Google because of the ability for users of their software to have patches installed automatically. Microsoft software can be automatically and centrally updated via the Microsoft Systems Management Server and Windows Server Update Services, and Google Chrome is automatically updated when users are on the Internet, Bit9 said. The lists do not take into account the amount of time it takes for companies to release patches, particularly when there is an exploit in the wild. Bit9 noted that Microsoft Internet Explorer was given an "honorable mention" because of a zero- day vulnerability related to ActiveX that went unpatched for three weeks in July . Microsoft isn't alone in taking longer than customers would like to fix holes. In March , Adobe released a patch for a zero-day vulnerability in Reader and Acrobat--about two weeks after it was disclosed to users and nearly two months after exploits had been discovered in the wild. Adobe customers will have to wait about a month for a fix to the latest critical zero-day hole in Reader and Acrobat. The company announced on Wednesday it would not patch the vulnerability until its next scheduled quarterly security update release on January 12.

A producer from Uruguay who uploaded a short film to YouTube in November 2009 has been offered a $30 m (£18.6 m) contract to make a Hollywood film. The movie will be sponsored by director Sam Raimi, whose credits include the Spiderman and Evil Dead films. Fede Alvarez's short film "Ataque de Panico!" ( Panic Attack!) featured giant robots invading and destroying Montevideo, the capital of Uruguay. It is 4 mins 48 seconds long and was made on a budget of $ 300 (£186). So far it has had more than 1.5 million views on YouTube. "I uploaded (Panic Attack!) on a Thursday and on Monday my inbox was totally full of e-mails from Hollywood studios," he told the BBC's Latin American service BBC Mundo. "It was amazing, we were all shocked." The movie Mr Alvarez has been asked to produce is a sci-fi film to be shot in Uruguay and Argentina. He says he intends to start from scratch and develop a new story for the project. "If some director from some country can achieve this just uploading a video to YouTube, it obviously means that anyone could do it," he added. YouTube recently revealed the most watched videos of 2009. Britain's Got Talent star Susan Boyle topped the chart with more than 120 million views worldwide of her debut on the show.

Extraordinary video has been obtained in the Pacific Ocean of the deepest undersea eruption ever recorded. The pictures show lavas bursting into the water at the West Mata submarine volcano, which is sited about 200 km (125 miles) south-west of the Samoas. The US Jason robotic submersible had to descend over 1 ,100 m to acquire the high definition video. The vehicle found microbes and a specialized volcano-dwelling shrimp thriving in hot, acidic waters. "It's an extraordinary environment," said Joseph Resing, a chemical oceanographer at the University of Washington and the Joint Institute for the Study of the Atmosphere and Ocean in Seattle, US. "You have molten lavas at 1 ,400 C producing acidic fluids - the sulphur dioxide makes these fluids as acidic as pH1.4 - and yet microbes are thriving," he told BBC News. "The magmatic gases sustain and provide energy for microbial life, and then the microbes provide energy for the shrimp. "We see them very close to the volcano - within metres." Dr Resing has been describing the volcano's behaviour here at the American Geophysical Union's (AGU) Fall Meeting, the world's largest annual gathering of Earth scientists. Rock recycling The West Mata submarine volcano is about 9 km long and 6 km wide. The base is some 3 km down. Its setting is very close to the 10 ,000 m-deep Tonga-Kermadec Trench. This is where the Pacific Tectonic Plate, which comprises much of the central ocean floor, dives under (subducted) the Australian Plate. It is a key location for the recycling of rock back into the interior of the Earth and it is where molten material can also then force its way back up to the surface. The possible existence of the eruption was first identified in November 2008 through water samples recovered from the ocean that contained anomalously high levels of hydrogen and volcanic debris. But it was not until a full scale expedition took place in May this year and Jason was able to go down and investigate West Mata that scientists realised the magnificence of the discovery. Lava flows Jason, which is operated by the Woods Hole Oceanographic Institution (WHOI), moved to within 3 m of the erupting volcano. The vehicle's high-definition camera captured large molten lava bubbles about a metre across bursting into cold seawater, and it saw glowing red vents explosively ejecting lava into the sea. It is said to be the first-observed advance of lava flows across the deep-ocean seafloor. Jason's two robotic arms collected samples of rocks, hot spring waters, the microbes, and the shrimp. To find and study animal life in such a location was fascinating, said Tim Shank, a WHOI macro- biologist on the expedition. "The animal life you see down there has evolved over millions of years to take advantage of the situation. Virtually every species down on the sea floor at vents has some sort of novel adaptation," he told reporters at the AGU meeting. "Shrimp have modified eye forms, and modified claws to enable them to scrape certain types of bacteria. This is where fundamental planetary processes like eruptions meet life, so it has profound implications for me as a biologist looking at the evolution of life on this planet." Researchers say the volcano is spewing boninite lavas, believed to be among the hottest erupting on Earth in modern times, and a type only seen before on extinct volcanoes older than a million years. "Having a very fresh occurrence - it hasn't been altered by the ravages of time - and having a known date of eruption gives us the ability to study many different aspects of the rock, including radioactive tracers which will give us the rates of these processes - i.e. how long it takes for this recycling [at subduction zones] to occur." The West Mata expedition was funded by the US National Science Foundation and the US National Oceanic and Atmospheric Administration.