Facebook, one of most popular social networking sites has been available to a critical XSS, allowing the hackers to install malicious scripts. Researchers who detected this vulnerability also posted a screenshoot demonstrating the problem. One of most recent incidents were serving malware and live exploit URLs, due to vulnerable web applications, introducing Zlob trojans in the form of fake video codecs, and was initially traced back to infrastructure provided by the Russian Business Network. The security folks at Facebook have been notified and as it seems the Facebook team responded very quickly and fixed the issue immediately!

topBadware.org coalition under Google support has called Apple to review the “carpet bomb” issue in the Safari browser. Nitesh Dhanjani has discovered that in Safari browser on Windows hackers can install suspicious software via booby-trapped Web sites. This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location, stated Dhanjani.

According to several sources some of the users of latest Windows XP Service Pack 3 have problems causing blue screen at AMD based systems. Microsoft and HP stated that the problem might be around the Power Management feature. HP has posted a work around that has you go boot into Safe Mode and disable the Intel Power Management.

Mozilla developers have announced that they have stopped the changes to the first release candidate of Firefox 3.0 and is working to get that build to users by the end of the month. As Mike Schroepfer, Mozilla’s vice president of engineering stated they are ready to launch Firefox 3 Release Candidate 1 (RC1) by the end of May. Since RC1 passed many beta stages it is possible that it will be the only release candidate but unveiling of possible bugs and flaws will continue development of new Release Candidates until they are ready for final shipment. Mozilla issued three release candidates in the run-up to the final code of Firefox 2.0, and Schroepfer said that he expected Firefox 3.0 to follow that same pattern.

Latest Microsoft Thursday security bulletin patches three critical bulletins for Microsoft Office and Windows and a moderate denial of service vulnerability for the company’s security software. A critical remote code execution vulnerability primarily affecting Microsoft Office (Word) and another critical remote code execution flaw in Publisher, a critical Jet database engine issue that affects Windows 2000, Windows XP and Windows Server 2003 and a denial of service vulnerability in Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security.

Mozilla team has noticed that a Vietnamese language pack for Firefox 2 is carrying malware. As Mozilla security chief Window Snyder wrote Vietnamese language pack for Firefox 2 contains inserted code to load remote content resulting with virus infection. Everyone who downloaded the Vietnamese language pack from February 18, 2008 got an infected copy. So, if you downloaded that particular language pack run immediate virus check of your computer.