diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Mozilla releases patch for QuickTime, Firefox flaw

Mozilla has released a patch today for its popular Firefox webbrowser which ditches the ability to run arbitrary script from the Firefox command line, a quick fix for a year-old QuickTime bug that could be used to take over user systems. Security researcher Petko D. Petkov on Sept. 12 posted proof-of-concept code showing that the low-risk, year-old QuickTime bug could easily be turned into a high-risk attack on Firefox, Internet Explorer, Skype and other programs. Petkov—aka pdp—showed how QuickTime media formats can be used to get into Firefox, leading to full browser compromise and perhaps even to compromise of the underlying operating system.

Mozilla said that its fix for MFSA 2007-23 was supposed to stop this type of attack but that QuickTime calls the browser in an unexpected way that bypasses that fix. So, to protect Firefox users, it’s stripping out the ability to run arbitrary script from the command line entirely. Don’t worry, though; until Apple has fixed the issue in QuickTime, QuickTime Media-link files can still be used to annoy users, Mozilla said. “Other command-line options remain, … and QuickTime Media-link files could still be used to annoy users with popup windows and dialogs until this issue is fixed in QuickTime,” the open-source foundation said in its post.

Full Article

Mozilla, Firefox, QuickTime, Security, Vulnerability, Flaw, Exploit, Patch, Security Update

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...