Mozilla security chief Window Snyder (left) has confirmed the existence of a serious code execution vulnerability in the brand-new Firefox 3.0 browser.

Snyder’s confirmation follows a public warning by TippingPoint’s ZDI (Zero Day Initiative) that the flaw could lead to PC takeover hijacks if a user simply surfs to a rigged Web site with Firefox.

On the Mozilla security blog, Snyder said the bug impacts Firefox versions 2.x and 3.0:

This issue is currently under investigation.  To protect our users, the details of the issue will remain closed until a patch is made available.  There is no public exploit, the details are private, and so the current risk to users is minimal.

At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure.  The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available.

As previously reported, the vulnerability was sold to TippingPoint ZDI a few hours after Mozilla’s shipped the final release of Firefox 3.0.

The ballots are in for the best selling cell phone (on a global basis), according to Krusell, the Swedish manufacturer of carrying cases for portable gadgets.

The Krusell list is based upon the number of pieces of model-specific mobile and smart phone cases that have been ordered from Krusell during September 2006.

According to the comany, this list is unique due to the fact that it reflects the sales of phones on six continents and in more than 50 countries around the globe.

When you look at the rankings (after the break!) what’s interesting, at least globally, is how the mobile phone market has boiled down into what we call in marketing parlance a “three-horse race.”

In other words, out of all the companies that have tried their luck in this market (and many are still trying), three (and only three) companies have established themselves as the mobile phone market leaders in the eyes, ears and pocketbooks of the gadget-buying consumer audience.

(We take no demographic for granted here.)

Which three? You will find out in a moment. (Patience …)

Now, without further ado, let’s get to get to the rankings of the top 10 selling cell phones. The envelope please:

1. Sony Ericsson K790i/K800i
2. Sony Ericsson K750i/D750i/W800i
3. Nokia 6230/6230i
4. Sony Ericsson W810i
5. Motorola RaZr V3/ V3i /V3c
6. Nokia N73
7. Nokia 5500
8. Sony Ericsson P990
9. Nokia 6280/6282
10. Motorola Krzr K1

Sony Ericsson, Nokia, Motorola (looks like the combination of Sony and Ericsson from two cell phone companies into one is paying off …)

She’s close to moving out of The Hills and into the Valley.

Now there’s more good news for Hollywood’s most beloved train wreck.

Officials say they will not file charges against Britney Spears stemming from a 2007 incident in which she drove over the foot of a celebrity news guy while speeding out of the doctor’s office where she received collagen injections, natch.

The reasoning? The only way the dude’s foot could have been where a celeb news video showed it to be was if he himself had put it there.

Deputy district attorney Joseph Shidler told the press:

“We have no evidence to prove beyond a reasonable doubt that the suspect, Ms. Britney Spears, was at all aware that the victim’s foot had in fact been struck by the vehicle. There was much commotion and noise at the time and there is no proof that the suspect was aware of what had happened.”

MENACE TO SOBRIETY: Britney Spears puts motorists and pedestrians at extreme risk as she takes to the streets of Southern California in this 2007 file photo.

The Deputy D.A. added “The only way the victim’s foot could have been where the video indicates was by the victim placing it in that location.”

With this legal monkey off her back, Britney is free to once again terrorize greater Los Angeles County at will, should she feel a craving for Starbucks.

If you aren’t sure, you will soon be able to download a tool from Google that will tell you once and for all if they are. If ISP’s aren’t going to tell their users exactly what is happening with their network connections, Google wants to make sure that these people have the ability to tell for themselves. This announcement is Google’s most recent attempt at raising awareness about net neutrality.

This isn’t the first time someone has made software to monitor your network to figure out if your ISP is doing anything fishy, NNSquad Network Measurement Agent is a tool that does exactly that already. In fact, this might actually be the tool Google is referring to. Vint Cerf, Google’s chief Internet Evangelist, is part of the NNSquad already.

It’s unclear what kind of effect something like this will have on the network neutrality debate, but it certainly can’t hurt.

Instant-messaging power users, rejoice: a barrier between two previously isolated realms of online chat is coming down.

A minor sidelight in the Yahoo-Google search ad deal announced Thursday is that the two companies “agreed to enable interoperability between their respective instant-messaging services, bringing easier and broader communication to users,” the companies said. They’re not sharing further details at this stage, but it’s safe to bet that means people on Yahoo’s IM network will be able to chat with those on Google’s and vice-versa.

That’s a big step in the right direction.

IM is a useful if sometimes intrusive tool, especially in this day and age when the Internet has tightened ties among co-workers, family, and friends. But people and companies don’t always use the same networks, meaning that power users either must run multiple IM programs or try to bridge the divide with multiprotocol packages such as Trillian, Adium, Digsby, Kopete, or Pidgin.

IM today is similar to the early days of electronic mail, when users couldn’t send messages between incompatible services such as AOL, Prodigy, and CompuServe. Happily, the Internet’s SMTP standard for e-mail emerged victorious, and now we only need one e-mail address (leaving aside the issue of personal vs. work identities, but that’s a story for another day).

A power user’s plight
I’m one of those heavy IM users tormented by today’s situation. I have to talk to people on Windows Live Messenger, Yahoo Messenger, AOL Instant Messenger, and Google Talk. It’s a pain having separate usernames for each service, but much worse is looking for software that centralizes IM for me.

I recognize I’m not a representative sample of the population at large. I have 797 buddies, many of them the same people represented on multiple services.

AOL said in a statement, in effect, that I am indeed an anomaly. “We have no evidence that interoperating with other consumer IM services is of great interest to AIM users,” the company said.

But I’ve seen the problem worsen in the years I’ve used IM, and I believe mainstream people will encounter this problem with greater frequency as they change jobs, graduate from schools, meet new friends, and otherwise expand their social horizons.

Walled gardens
There are signs that these days are numbered. As Internet companies race to build rich communities and services on the Web, “walled gardens” have become widely disparaged as a relic.

Yahoo, for example, has pledged to expose formerly closed parts of its business through its Yahoo Open Strategy. And AOL is opening up AIM some, for example, letting Meebo and eBuddy link up.

But it’ll take awhile to convince me that the IM walls are truly coming down.

For one thing, most of the progress to date has been through interoperability agreements that permit one service to link with another. That’s like CompuServe building a custom gateway to translate and route e-mail from AOL–helpful, but symptomatic of the larger problem. The more IM services there are, the more gateways each service needs to work with the others, and more services are cropping up as companies such as MySpace, Skype, and Facebook add chat abilities.

What we really need is an IM communication standard. The obvious candidate is the XMPP protocol on which Google built its service but that none of the other major players use.

Google, unsurprisingly, shares my view. “The Web is based on open standards and protocols so users can use any browser on any operating system to visit any Web site. We think the open Web model ought to apply to IM,” Seth Demsey, senior product manager for Google Talk, said in a statement.

Of course, it’s a lot easier for underdogs to endorse standards, and Google has 1 percent share of IM users worldwide, according to ComScore figures in April.

Interoperability isn’t easy

To be fair, IM interoperability isn’t an easy technical problem to tackle for mammoth services with millions of users and messages. There also are privacy issues when one service is sharing data and buddy lists with another.

More complicated are higher-level features and services that IM companies have added atop basic text chat: status messages, avatars, file transfer, voice and video chat, message forwarding to mobile phones. I think there’s still value to unifying basic text chat even if higher-level features remain fragmented.

Then, of course, there are business reasons to keep things separate. Yahoo, AOL, and Microsoft all display ads on their services, and AOL is trying to make its service into a foundation on which programmers will create online applications. Opening up IM connections to other services means, for example, that someone using AIM might not see the ads displayed on the AIM software.

I can’t help but wonder, though, if a unified IM landscape might spur faster growth and more extensive use of IM services–factors that mean those people using popular chat software could spend even more time gazing at ads.

Other interoperability deals
There are some other interoperability deals besides the Yahoo-Google one announced Thursday. Most notably, users of Microsoft and Yahoo instant-messenger services can link up and chat if they’re using recent versions of the software.

And there could be more progress on this front: “Microsoft looks forward to continuing our interoperability reach to customers worldwide,” Brian Hall, Microsoft’s general manager of Windows Live, said in a statement.

Users of Apple iChat can link with AIM and Google.

Google’s situation is complicated, in part because it has multiple IM options. The company offers Google Talk in two incarnations: client software that can be installed on Windows machines and a gadget that runs in a Web browser. Those versions can work with any XMPP-based chat service. (They’re not popular, so you probably haven’t heard of them.)

Google also has Gmail chat, which runs alongside the company’s Web-based e-mail service. It can work with AIM.

So tell me: Am I an anomaly because I use multiple chat networks? And how do you solve your IM needs? Does a single IM client suffice, or do you use two to cover the bases? Send an e-mail to stephen.shankland@cnet.com or share your opinion in the feedback section below.

Intel is expected to bring out low-cost quad-core processors in the third quarter to compete with AMD’s triple-core Phenom chip. One site is also posting specifications for upcoming Nehalem processors.

The Core 2 Quad Q8000 series will include the Q8200, which will be priced as low as $203, according to Chinese-language technology Web site HKEPC.

Tech Web site The Inquirer also cited an Intel slide with the processor.

The 45-nanometer Q8000 series will be relatively low performance and stripped down, running at a clock speed of only 2.33GHz and integrating only 4MB of cache memory.

The currently shipping Intel quad-core processor that comes closest to this is the popular Q6600, which runs at 2.4GHz and packs 8MB of cache memory. This is priced at $224. Typically, the more cache memory integrated into a processor, the better the performance.

An Intel Q8000 quad-core chip priced at $203 would still be more expensive, however, than an AMD triple-core Phenom. A triple-core Phenom processor 8750 (2.4GHz) is listed on AMD’s processor pricing page at $195. The Phenom 8650 (2.3GHz) is listed at $165 and the Phenom 8450 (2.1GHz) at $145.

The price difference between a system using a Phenom and one based on a Core 2 Quad is typically even more stark at first-tier vendors like Hewlett-Packard, where it can be as much as $300. Presumably, a system with a Q8000 quad-core processor would fall below the Q6600-based system in price.

HKEPC is also posting specifications on Intel’s upcoming Nehalem processor, which is based on a new architecture featuring a high-speed data transfer technology called QuickPath (PDF).

At least three Nehalem “Bloomfield” quad-core processors are slated for the fourth quarter, with speeds ranging between 2.66GHz and3.2GHz, targeted at the mainstream and high end of the market. The processors will also use a new “X58″ chipset, according to the report.

HP released a slew of new consumer and business products–including 17 new laptops–at an event in Berlin earlier today. In addition to HP and Compaq notebooks, new products include a refresh of its TouchSmart all-in-one PC, a Voodoo-branded desktop and notebook (the Voodoo PC site had been down for several days), and a 30-inch LED-backlit flat-panel display.

The new notebook roster consists of six consumer models and 10 business laptops, including the HP EliteBook, a 14.1-inch thin-and-light with an anodized aluminum case and magnesium alloy chassis. These are also the first HP laptops to offer AMD’s Puma platform with Turion 64 X2 Ultra processors and the still unannounced Intel Centrino 2 platform, also known as Montevina. Several models also offer an optional LED-backlit display, which is lighter and more energy-efficient.

Consumer Notebooks
Both the Pavilion and Compaq Presario models (PDF with details here) include a new surface design, HP Imprint 2. Depending on the model and configuration, the Pavilions also include touch-capacitive controls, optional widescreen displays with flush bezels, discrete graphics (both AMD and Nvidia), Blu-ray drives and TV tuners. HP also announced several new accessoires including Bluetooth headphones and a redesigned media docking station.

1. HP Pavilion dv4t (Intel): 14.1-inches; late June; $999
2. HP Pavilion dv4z (AMD): 14.1 inches; early September; $799
3. HP Pavilion dv5t (Intel): 15.4 inches; late June; $899
4. HP Pavilion dv5z (AMD): 15.4 inches; late June; $699
5. HP Pavilion dv7t (Intel): 17 inches; late June; $1,299
6. HP Pavilion dv7t (AMD): 17 inches; July; $949
7. Compaq Presario CQ40: 14.1 inches; varies by region
8. Compaq Presario CQ45: 14.1 inches; varies by region
9. Compaq Presario CQ50: 15.4 inches; varies by region

Business Notebooks
The EliteBook is the big news here, but there are other changes worth noting (PDF with details here). Some models offer the HP un2400 wireless WAN module, which uses Qualcomm’s Gobi software-defined radio that works with multiple carriers and wireless networks. HP has added several utilities for providing quick aceess to e-mail, contacts and appointments; managing usernames and passwords; securely erasing files; and encrypting the contents of the hard drive. (The latter two appear to be on s-series laptops only.)

• HP EliteBook: 14.1 inches; 4.7 pounds
• HP Compaq 6530b and 6535b: 14.1 inches; 5.3 pounds
• HP Compaq 6730b and 6735b: 15.4 inches; 5.9 pounds
• HP Compaq 6530s and 6535s: 14.1-inch WXGA or HP BrightView; 5.3 pounds
• HP Compaq 6730s and 6735s: 15.4 inches; 5.9 pounds
• HP Compaq 6830s: 17 inches

All of these models will be available later this month at starting prices ranging from $799 for the s-series to $1,179 for the semi-ruggedized EliteBook.

HP TouchSmart AIO
This refresh has a 22-inch widescreen, Intel Core 2 Duo processors and 4GB of memory. The emphasis is on the expanded touchscreen functions. The updated software, TouchSmart IQ500 series, lets you manage photos, music and video with your fingers without using the keyboard or mouse–much like the multi-touch controls on newer Apple products. There are two models: the IQ504 (no TV tuner), which starts at $1,299, and the IQ506 (with a TV tuner), which starts at $1,499. Both are available for pre-order online and will be in stores on July 13.

Voodoo PCs
After purchasing this boutique gaming PC outfit, HP kept the brand alive through a well-received line of Blackbird gaming rigs that were billed as having “Voodoo DNA.” Now HP is restoring Voodoo’s full status with a new desktop, the Voodoo Omen, and laptop, the Voodoo Envy 133. The Voodoo Omen will initially be available by invitation only (no, I’m not making this up) at prices starting around $7,000. The Envy, which has a 13.3-inch display and weighs only 3.4 pounds, will be available this summer starting at $2,099. The detailed specs on both are available as PDFs on the voodoopc.com site.

In a somewhat confusing arrangement, the new Voodoo-branded PCs will be sold through the redesigned voodoopc.com site, while the Blackbird 002 and future “with Voodoo DNA” products will be sold through www.hp.com/voodoodna.com. As I mentioned yesterday, the Blackbird 002 will also be sold in retail.

HP DreamColor Display

HP is pitching this 30-inch display as a “color-critical” panel for pros at a fraction of the price. The DreamColor name, which stems from HP’s relationship with DreamWorks, is meant to drive this point home. HP has used the sub-brand in connection with some printers, but the LP2480zx is the first DreamColor display. HP says the LED-backlit display is capable of displaying more than 1 billion colors. It is available now for $3,499.

we now have a name for the next-generation iPhone - the iPhone 3G.

Here’s what we know:

• 3G support
• Built-in GPS
• Black plastic back (white shell version of the 16GB model available)
• Metal buttons
• Same display
• Camera
• Flush headphone jack (requested feature)
• Better audio

Pricing:

• 8GB: $199
• 16GB: $299

Battery life:

• Stand by time: 300 hours
• 3G talk time: 5 hours
• Browsing: 5-6 hours browsing
• Video: 7 hours video
• Audio: 24 hours

Spec as on the Apple Store website:

Screen size

- 3.5 inches (diagonal)

Screen resolution

- 480 by 320 pixels (163 ppi)

Input method

- Multi-Touch

Storage

- 8GB and 16GB

Cellular

- UMTS/HSDPA (850, 1900, 2100 MHz)
- GSM/EDGE (850, 900, 1800, 1900 MHz)

Wireless data

- Wi-Fi (802.11b/g)
- UMTS/HSDPA (850, 1900, 2100 MHz)
- EDGE (850, 900, 1800, 1900 MHz)
- Bluetooth 2.0 + EDR

GPS

- Assisted-GPS

Camera

- 2.0 megapixels

Battery

- Talk time: Up to 5 hours on 3G;
- up to 10 hours on 2G
- Standby time: Up to 300 hours
- Internet use: Up to 5 hours on 3G;
- up to 6 hours on Wi-Fi
- Video playback: Up to 7 hours
- Audio playback: Up to 24 hours

Dimensions

- 4.5 by 2.4 by 0.48 inches
- (115.5 by 62.1 by 12.3 mm)

Weight

- 4.7 ounces (133 grams)

Rigorous control of blood sugar won’t save diabetics the heart ravages which come with the disease, new studies show.

Instead diabetics need to treat themselves as we heart patients do, with statins, blood pressure control, diet, exercise and a baby aspirin before bedtime. Their current regimen for controlling blood sugar may be as good as it gets.

The results of the studies shocked some researchers, and there was some disagreement over the Australian study, which showed the strict regimen cut back on eye and kidney damage.

The Australia study was done by the ADVANCE Collaborative Group, and covered far more people in far more countries than the American study, which was called ACCORD.

Critics noted that the Australian study was backed by Servier Labs, a French company which provided one of the drugs studied. Defenders quickly noted Servier had no influence on how the study was done or its results.

But in sicker patients those with strict sugar controls actually had higher death rates, from heart attack and stroke, than those without. This was seized by some Americans as evidence that strict control is counter-productive.

As with the earlier ENHANCE study on cholesterol, which led many to question the link between a cholesterol number and heart disease, the real lesson here may be that diabetes, like heart disease, is complicated.

It’s also likely that doctors will decide not to change their advice to diabetics in light of this study, as they haven’t changed their recommendations to heart patients based on ENHANCE.

All of which leads me to question what I’ll tell friends like the neighbor above, who are diabetics. Rather than depress him with the failure of ADVANCE and ACCORD I think I’ll just say we have more in common than before — under the skin.

Adobe has released the beta version of its Flash Player 10 code name ‘Astro‘. Flash Player 10 public beta is now available for download for Windows, Mac and Linux.

Some great new features for web developers added to Flash Player 10 include:

• Support for 3D rendering effects
• New drawing APIs
• Adobe Pixel Blender Filters
• New text rendering engine
• Graphics acceleration

Flash Player is generally the most popular internet explorer enahncing software. As it is in beta, so bugs are expected. There’s no date mentioned for final release.