Slashdot Mirror


Firefox Susceptible To QuickTime Security Flaw

Hugh Pickens writes "Apple's QuickTime media player software contains a previously undocumented security weakness in the way QuickTime handles the RTSP media-streaming protocol. The vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems. Symantec has tested the publicly available exploit code and found that it failed to work properly against Internet Explorer 6/7 or Safari 3 Beta, but the exploit works against Firefox if users have chosen QuickTime as the default player for multimedia formats. Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control, while IE loads the QuickTime Player as an internal plugin, and when the overflow occurs, standard buffer-overflow protection is triggered, shutting down the affected processes before any damage can occur."

4 of 231 comments

  1. Safety through laziness. by backbyter · · Score: 0, Troll

    QuickTime?

    Haven't installed that in several years.

  2. The real shame! by Kylere · · Score: 1, Troll

    Anyone smart enough to use Firefox should also be smart enough not to use QuickTime. QuickTime is an excellent example of poorly written software; if it were not for complete trash like WMP, no one would use it. Everyone sane uses VLC anyways.

  3. Re:That does it for me... by El Lobo · · Score: 0, Troll

    Actually, using IE7 on Vista in its DEFAULT sandboxed mode will protect you from almost every 3rd party plugin problem.... So you ARE partially right. I use it myself, IE7 sandboxed on Vista, and have no intentions to change to whatever...

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!

  4. Re:And this is a firefox problem... by Bill, Shooter of Bul · · Score: 0, Troll

    I don't want a large number of people using a browser that doesn't take security seriously. Programs have bugs; many of them turn out to be exploitable. For the good of everyone using the net, the dominant technologies should be those that minimize the threat of malicious code. We're just beginning to see the damage that can be wrought by botnets. So I would hope that in light of your preferences, you would use Lynx, or create your own browser and never share it with anyone else.

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.