Firefox patches elusive Quicktime security flaw

Mozilla has fixed a vulnerability in how Apple QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options.

Although the problem appeared to be resolved earlier this year, researcher Petko D. Petkov and others found recently that it could still be exploited.

A previous fix in July's Firefox version 2.0.05 was intended to resolve this issue, but, according to Mozilla, "QuickTime calls the browser in an unexpected way that bypasses that fix." Also, Apple's own fix in the release of QuickTime 7.1.5 last March failed to resolve the issue.

The security update for Firefox has been automatically pushed out to current users. New users can download the latest version from Mozilla directly .

Finally, Mozilla notes that the upcoming release of Firefox 3 (Gran Paradiso) Alpha 8, expected today or tomorrow, does not contain the fix for this vulnerability.

This article was originally a blog post on News.com.

Talkback 0 comments

• INFORMATION SECURITY ANALYST / SENIOR
• Application Security Professionals
• BDM Specialised Electronic Security Solutions
• IT Security Audit Engineer
• Senior SOX IT Auditor Immediate start $500 daily

TechGuides

Get network versatility with SSH tunneling and netcat

Vincent Danen explains how to use netcat with SSH tunneling when you need to create a secure connection to a server from a remote location.

Read more »

Latest from Blog Central

Where have all the bosses gone?

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Juniper Networks