Mozilla Updates Firefox To Patch QuickTime Bug - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
9/19/2007
12:45 PM
50%
50%
RELATED EVENTS
Threat Intelligence Overload?
Aug 23, 2017
A wide range of threat intelligence feeds and services have cropped up keep IT organizations up to ...Read More>>

Mozilla Updates Firefox To Patch QuickTime Bug

Six days after proof-of-concept code was released for a long-unpatched bug in Apple's QuickTime media player, Firefox is updated with a fix.

Trying to fend off attacks aimed at Apple's QuickTime media player that could hurt Firefox, Mozilla pushed out a new version of its Web browser.

Last week, Mozilla confirmed that a year-old unpatched vulnerability in Apple's QuickTime media player opens up a backdoor that could allow a hacker to break into Firefox. A researcher who discovered the flaw posted proof-of-concept exploits for it on his blog.

Now a week later, Mozilla released Firefox 2.0.0.7 to patch the QuickTime vulnerability.

"This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple," wrote Window Snyder, Mozilla's top security executive, in her blog Tuesday. "This issue was patched in only six (or 6.25 according to John O'Duinn) days. When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue. The window of opportunity for attackers is reduced and so is the potential to compromise users. So thanks, you guys, for helping destroy the economics of malicious exploit development."

The U.S.-CERT is recommending users update to the new release.

Petko D. Petkov, a penetration tester who discovered the bug, said in a blog post that the "vulnerability can lead to a full compromise of the browser and maybe even the underlying operating system." Petkov released information about two QuickTime bugs a year ago, but noted that only one has been patched. The other remains a problem, especially for users of the open-source Firefox browser.

The researcher said in his blog, Gnucitizen, that he posted a demonstration of how the bug could be used to hack into Firefox to make a point. "The first vulnerability was fixed, but the second one was completely ignored," he wrote. "I tried to bring the spotlight on the second vulnerability one more time over here, yet nobody listened."

Apple issued at least three separate patch updates for QuickTime in the last several months.

QuickTime is Apple's multimedia technology for dealing with video, sound, animation, text, and music. The technology is widely used. The highly popular iPod uses the iTunes media player, which people run on their PCs and Macs. ITunes, in turn, uses QuickTime.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll