Mozilla released a patch today for its popular Firefox web browser that ditches the ability to run arbitrary script from the Firefox command line, a quick fix for a year-old QuickTime bug that could be used to take over user systems. Security researcher Petko D. Petkov on Sept. 12 posted proof-of-concept code showing that the low-risk, year-old QuickTime bug could easily be turned into a high-risk attack on Firefox, Internet Explorer, Skype and other programs. Petkov, aka pdp, showed how QuickTime media formats can be used to get into Firefox, leading to full browser compromise and perhaps even to compromise of the underlying operating system.