Friday, September 21, 2007

Firefox fixes flaw


Mozilla, the maker of the popular Firefox browser, has released a fix for a vulnerability in QuickTime which was flagged up last week.

A patch for the same flaw was originally issued by Mozilla back in July; however, it proved to be incomplete. The flaw is in the way the browser deals with JavaScript code in QuickTime files. Malware could conceivably be disguised as files like .mov and .mp3 which could be installed through QuickTime. Petko Petkov, a security researcher, highlighted the fact that Mozilla's original patch was not enough.

In a security advisory Mozilla stated: "On his blog Petko Petkov reported that QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options. When the default browser is Firefox 2.0.0.6 or earlier use of the -chrome option allowed a remote attacker to run script commands with the full privileges of the user."

Firefox is currently posing a challenge to Microsoft's Internet Explorer to be the most popular browser.
