- Joined
- Mar 5, 2002
- Messages
- 25,739
- Reaction score
- 1,204
As noted here, a vulnerability involving Firefox and QuickTime was reported, and code advising how to take advantage of that vulnerability has been published.
As noted by Mozilla, "Disabling JavaScript in the browser does not protect against this attack; in vulnerable versions scripts passed through the -chrome option would be executed regardless of the JavaScript setting for web content, much as interpreters for languages such as perl and Python execute scripts passed on the command line. The NoScript add-on, however, has provided protection against this class of attack since the cross-browser vulnerabilities described by MFSA 2007-23 were discovered."
It is strongly recommended that you download Firefox 2.0.0.7 as soon as possible, because it fixes this QuickTime vulnerability by removing the ability to run arbitrary scripts from the command line.
Source: Spyware Sucks
As noted by Mozilla, "Disabling JavaScript in the browser does not protect against this attack; in vulnerable versions scripts passed through the -chrome option would be executed regardless of the JavaScript setting for web content, much as interpreters for languages such as perl and Python execute scripts passed on the command line. The NoScript add-on, however, has provided protection against this class of attack since the cross-browser vulnerabilities described by MFSA 2007-23 were discovered."
It is strongly recommended that you download Firefox 2.0.0.7 as soon as possible, because it fixes this QuickTime vulnerability by removing the ability to run arbitrary scripts from the command line.
Source: Spyware Sucks