Sunday, September 23, 2007

Vulnerability found and fixed in Firefox and Seamonkey

It is the reason behind the new Firefox update ( In short, malicious code could be executed in the browser via QuickTime links. This vulnerability is described as critical because it could shut off your system. It allows the attacker to inject and execute code on your computer, install malware...

On his blog, Petko D. Petkov reported that QuickTime Media-Link files contain a qtnext attribute that could be used on Windows systems to launch the default browser with arbitrary command-line options. When the default browser is Firefox or earlier, use of the -chrome option allowed a remote attacker to run script commands with the full privileges of the user. This could be used to install malware, steal local data, or otherwise corrupt the victim's computer.
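For defenders who want to check media-link files that reach a mail gateway or download folder, here is a small scanner that flags qtnext values carrying command-line options such as -chrome. It is an added example, not code from Petkov's post or from Mozilla; the sample files are constructed, and matching any attribute whose name starts with "qtnext" and the option-token pattern are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the page or from any real file).
BENIGN_QTL = """<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="http://media.example/clip.mov" autoplay="true"
       qtnext="http://media.example/next.mov"/>
"""
SUSPICIOUS_QTL = """<?xml version="1.0"?>
<?quicktime type="application/x-quicktime-media-link"?>
<embed src="http://media.example/clip.mov"
       qtnext="-chrome PLACEHOLDER-VALUE"/>
"""

# Assumption: a token that starts the value (or follows whitespace or a quote)
# and begins with "-" would be read by the launched browser as an option.
OPTION_TOKEN = re.compile(r"""(?:^|[\s"'])(-{1,2}[A-Za-z][\w-]*)""")


def scan_qtl(text):
    """Return (attribute, option) findings for one media-link file."""
    try:
        # For files from untrusted sources, a hardened parser such as
        # defusedxml is the safer choice; the stdlib parser keeps this
        # example dependency-free.
        root = ET.fromstring(text)
    except ET.ParseError:
        # A file that claims to be a media link but is not valid XML
        # deserves a manual look rather than a silent pass.
        return [("<file>", "unparseable")]
    findings = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            if not name.lower().startswith("qtnext"):
                continue
            for option in OPTION_TOKEN.findall(value):
                findings.append((name, option.lower()))
    return findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_QTL), ("suspicious", SUSPICIOUS_QTL)):
        print(label, scan_qtl(sample))
```

A legitimate qtnext value is a media URL, so any finding here is worth quarantining the file for review.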

How to fix it? Just update your Firefox browser to

The reporter's blog
Mozilla foundation security advisory
