Slashdot Mirror


Firefox Susceptible To QuickTime Security Flaw

Hugh Pickens writes "Apple's QuickTime media player software contains a previously undocumented security weakness in the way QuickTime handles the RTSP media-streaming protocol. The vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems. Symantec has tested the publicly available exploit code and found that it failed to work properly against Internet Explorer 6/7 or Safari 3 Beta, but the exploit works against Firefox if users have chosen QuickTime as the default player for multimedia formats. Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control, while IE loads the QuickTime Player as an internal plugin, and when the overflow occurs, standard buffer-overflow protection is triggered, shutting down the affected processes before any damage can occur."

4 of 231 comments

  1. Safari by u235meltdown · Score: 0, Flamebait

    Ok, so I use Safari or Opera (if they handle this better) to browse porn for a while till they patch this.

  2. Oh noes by dedazo · Score: 0, Flamebait

    I felt a great disturbance in the Force... as if millions of fanboys suddenly cried out in terror and were suddenly silenced.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  3. Re:How is this a firefox problem? by orclevegam · Score: 0, Flamebait

    Ok, try this experiment then. Find one of these exploited QuickTime movies, open it in IE and watch it. Then, download and save the file on your computer, and open it using QuickTime (not unlikely, people often download copies of QuickTime movies to watch later). Congratulations, you've not been compromised, all while being "protected" by IE.

    --
    Curiosity was framed, Ignorance killed the cat.
  4. Re:How is this a firefox problem? by orclevegam · Score: 0, Flamebait

    It's a QuickTime problem that can affect you if you use Firefox to browse QuickTime clips. This does not make it a Firefox problem, just something that Firefox doesn't go out of its way to protect you from. If you download and play those movies you're still vulnerable to the exploit no matter what browser you use, so it's not an issue with any web browser, it's an issue with QuickTime. All the MS fanboys are just using this as an excuse to flame the Firefox fanboys, and then cry foul when people point out that it's not really the browser's fault that another app has a security flaw.

    --
    Curiosity was framed, Ignorance killed the cat.