macworld news antenna

Mozilla solves a problem with QuickTime in Firefox

The problem, reported last week by hacker Petko Petkov, provides attackers with an avenue to execute unauthorized commands on the victim’s computer. “This could be used to install malware, steal local data or corrupt the victim’s computer,” as Mozilla indicated in a security advice published last Tuesday.

A patch from July 2007 was supposed to solve this problem, but Petkov showed how an attacker could still execute commands on the victim’s system by tricking him into opening a malicious QuickTime file.

In fact, until Apple solves the underlying problem in QuickTime, headaches will still continue for users, as indicated by Mozilla in its security advice on this matter.

The usual security measure, consisting of disabling JavaScript, does not prevent this type of attack, although Firefox’s NoScript plug-in does provide the necessary protection, according to Mozilla.