Welcome!

Search Authors: David Weinberger, Reuven Cohen, Maureen O'Gara, Newt Barrett, Timothy Fisher

Related Topics: Web 2.0, AJAX & REA

Web 2.0: Article

Firefox "QuickTime Bug" Fixed

"Code execution via QuickTime Media-link files" bug fixed
By Web 2.0 News Desk
Article Rating:
September 21, 2007 05:45 PM EDT
Reads:
 8,592

The Firefox "QuickTime Bug" - has been fixed. QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options and previously when the default browser was Firefox 2.0.0.6 or earlier, use of the -chrome option allowed a remote attacker to run script commands with the full privileges of the user.

The vulnerability had lasted for a year, causing security guru Eric Schultze last week to recommend that FF users with the QuickTime plug-in switched to IE (or not click on movie files) until the Mozilla Foundation could release a patch, as it has now done.

Published September 21, 2007 – Reads 8,592
Copyright © 2007 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Web 2.0 News Desk

The Web 2.0 Journal News Desk keeps you up to speed with all that's happening in the world of the read/write Web and all its mushrooming new facets - from tagging, wikis, mash-ups, and image-sharing to "Advertising 2.0," podcasting, and The Writeable Web.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.