The news comes on the exim mailing list, where a user posted that he had his exim install hacked via remote exploit giving the attacker the privilege of the mailnull user, which can lead to other possible attacks. A note up at the Internet Storm Center reminds exim users how to set up to run in unprivileged mode, and a commenter includes recompile instructions for Debian exim for added safety.

A security bug in the latest version of the FreeBSD can be exploited to grant unprivileged users complete control over the operating system, a German researcher said Monday.

Microsoft has exposed Firefox users to attacks for many months; Mozilla blocks Microsoft's Firefox "leech"

Last week, Linux was tagged with a local NULL pointer flaw that could have led to a privilege escalation issue. Linux founder Linus Torvalds pushed a patch upstream quickly and now that patch is in the Linux 2.6.31 -rc6 milestone.

In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug.

Mozilla updated Firefox to version 3.5.1 for Windows, Mac, and Linux on Thursday, fixing a security problem, improving stability, and speeding launch time on some Windows systems, according to the release notes.

The flaw discovered in Ralink's Wi-fi drivers for Windows last weekend also affects the Linux drivers – as already suspected. Attackers can exploit the hole to crash a computer remotely or possibly even inject and execute arbitrary code. Debian has released new packages for the rt2400, rt2500 and rt2570 models, but the packages need to be compiled by the user for the time being.