Thursday, 20 September 2007 02:19

Firefox updated for QuickTime vulnerability

By Stephen Withers
Firefox 2.0.0.7 has been released to protect against a "critical" vulnerability exploitable through QuickTime files.

No other changes are mentioned in the release notes.

The problem is that QuickTime files can contain a command to launch the default browser. This can be exploited by including Firefox parameters that cause script commands to be executed with the user's privileges. If the user has administrative privileges, this could be used to install malware or carry out other malicious activities.

The cure has been to remove Firefox's ability to run command line scripts.
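As an added illustration (not code from Mozilla, Apple or this article), the Python example below shows the general pattern behind this class of bug and one way a helper application can guard against it: a URL taken from a media file is pasted into a browser command line, and embedded quotes turn part of it into an extra parameter. The executable name `browser`, the option `-hypothetical-option`, the sample URLs and all function names are assumptions made for the example, and `shlex` only approximates how a real launcher splits a command line.

```python
import shlex
from urllib.parse import urlsplit

BROWSER = "browser"  # hypothetical executable name, stands in for the default browser
ALLOWED_SCHEMES = {"http", "https"}
FORBIDDEN = set('"\'` \t\r\n\\')  # quoting, whitespace and escape characters


def naive_command_line(url: str) -> str:
    """Vulnerable pattern: the untrusted URL is pasted into a command-line string."""
    return f'{BROWSER} "{url}"'


def split_like_a_launcher(command_line: str) -> list[str]:
    """Approximate how a quoted command line is split back into arguments."""
    return shlex.split(command_line)


def safe_browser_argv(url: str) -> list[str]:
    """Hardened pattern: validate the URL, then pass it as exactly one argv element."""
    if any(ch in FORBIDDEN or ord(ch) < 0x20 for ch in url):
        raise ValueError("URL contains quoting, whitespace or control characters")
    if url.startswith("-"):
        raise ValueError("URL looks like a command-line option")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("only absolute http(s) URLs are handed to the browser")
    # Returned as a list so the caller can start the process without a shell
    # and without re-quoting the URL into a single string.
    return [BROWSER, url]


# Constructed sample input: a URL field from a media file that smuggles an extra option.
CRAFTED = 'http://example.test/" -hypothetical-option "value'
BENIGN = "https://example.test/trailer.html"

if __name__ == "__main__":
    # The naive string yields four arguments instead of two.
    print(split_like_a_launcher(naive_command_line(CRAFTED)))
    print(safe_browser_argv(BENIGN))
    try:
        safe_browser_argv(CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
```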

"[Version 2.0.0.7] will protect Firefox users from the public critical security vulnerability until a patch is available from Apple," said Window Snyder, Mozilla's head of security strategy. "I would like to personally thank the individuals at Apple who worked with us and the engineers at Mozilla that work so hard to get security updates out so quickly."

The fix in Firefox 2.0.0.5 for a vulnerability created by the interaction of Firefox and Internet Explorer was originally thought to protect against an entire class of vulnerabilities, "but QuickTime calls the browser in an unexpected way that bypasses that fix," according to a Mozilla Foundation advisory. Furthermore, this particular issue is not caught by changes introduced to QuickTime 7.1.5 to prevent such exploits.

While Firefox 2.0.0.7 has been released for Windows, Mac OS X and Linux, it appears that the vulnerability it addresses only affects Windows.

The current version of QuickTime is 7.2.


Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
