Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

Firefox 2.0.0.7 with QT fix online

p2pnet news | Security:- Mozilla has just released Firefox 2.0.0.7 with an update to fix a critical Apple QuickTime security hole.

“This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple,” says Mozilla.
This issue was patched in only six (or 6.25 according to John O’Duinn) days.

“When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue,” says a post on the Mozilla Security Blog, adding:

“The window of opportunity for attackers is reduced and so is the potential to compromise users. So thanks you guys, for helping destroy the economics of malicious exploit development.”

“It seems that QuickTime media formats can hack into Firefox,” blogged Petko D. Petkov on GnuCitizen, going on to say the vulnerability could lead to full compromise of the browser and perhaps the underlying operating system.

“BTW, QuickTime comes by default with iTunes,” he says. “Therefore, iTunes users are most affected.”

Says Mozilla:

The fix for MFSA 2007-23 was intended to prevent this type of attack but QuickTime calls the browser in an unexpected way that bypasses that fix. To protect Firefox users from this problem we have now eliminated the ability to run arbitrary script from the command-line. Other command-line options remain, however, and QuickTime Media-link files could still be used to annoy users with popup windows and dialogs until this issue is fixed in QuickTime.

This QuickTime issue appears to be the one described by CVE-2006-4965 but the fix Apple applied in QuickTime 7.1.5 does not prevent this version of the problem.

Gran Paradiso Alpha 8 does not contain the fix for this vulnerability.


Also See:
blogged – 0DAY: QuickTime pwns Firefox, September 12, 2007



5 Responses to “Firefox 2.0.0.7 with QT fix online”

  1. Reader's Write Says:

    Would this affect Linux as well?

  2. Reader's Write Says:

    yes and no

    evil code could get into firefox on linux but can't do much once there.

    it's also unclear whether it is a hole in the unix or windows version. if windows only then NO firefox on linux won't be affected at all.

  3. Reader's Write Says:

    it's a windows bug http://blog.mozilla.com/security/2007/09/12/quicktime-to-firefox-issue/ so linux is not affected.

  4. iHuman Says:

    Ok

    Did the person who posted the above comment spam it to all articles?
    I’ve seen that same message on the Osama Bin Laden one too.

    But anyways, Apple takes forever to fix anything, so way to go Firefox team

  5. Reader's Write Says:

    Bug comments say that the proper fix is to uninstall QuickTime
