Firefox 2.0.0.7 Update – Quicktime Pwns Firefox

firefoxA serious vulnerability in Mozilla Firefox has been addressed in release 2.0.0.7 which is now posted to the Firefox web site. The exploit involved an issue in Apple QuickTime that could reportedly lead to a full compromise of the browser and possibly the underlying operating system.

The vulnerability reported by Petko D. Petkov at gnucitizen.org , who also reported on two other QuickTime vulnerabilities last year.

Workaround: Disabling JavaScript in the browser does not protect against this attack; in vulnerable versions scripts passed through the -chrome option would be executed regardless of the JavaScript setting for web content, much as interpreters for languages such as Perl and Python execute scripts passed on the command line. The NoScript add-on, however, has provided protection against this class of attack since the cross-browser vulnerabilities described by MFSA 2007-23 were discovered. ~ Mozilla Foundation Security Advisory 2007-28

Download

Firefox 2.0.0.7 is now available for Windows, Mac, and Linux for free download from http://getfirefox.com.

References

Advertisements

Leave a comment

Filed under Internet Browser, Mozilla Firefox

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s