Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Susceptible To QuickTime Security Flaw

Posted by kdawson on from the exploit-available-in-the-wild dept.

Hugh Pickens writes "Apple's QuickTime media player software contains a previously undocumented security weakness in the way QuickTime handles the RTSP media-streaming protocol. The vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems. Symantec has tested the publicly available exploit code and found that it failed to work properly against Internet Explorer 6/7 or Safari 3 Beta but the exploit works against Firefox if users have chosen QuickTime as the default player for multimedia formats. Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control, while IE loads the QuickTime Player as an internal plugin and when the overflow occurs, standard buffer-overflow protection is triggered, shutting down the affected processes before any damage can occur."

2 of 231 comments (clear)

  1. Re:And this is a firefox problem... by m4ximusprim3 · · Score: 0, Offtopic

    Yeah, and how is it the US's problem if we farm out security to an external security firm like blackwa... Oh, wait, you mean it reflects badly on us? What? Why don't people just realize that it's not our fault?

  2. Can someone explain the top of this Slashdot page? by Seumas · · Score: 0, Offtopic

    Top right, in the links section for this page.

    "Compare prices for Mozilla".

    Uh . . . .