Apple has yet to patch a critical security vulnerability in QuickTime, but the latest update to the Firefox browser protects its users from an exploit of that issue.
Firefox Updated, Fixes QuickTime Flaw
Mozilla's chief security officer Window Snyder announced the availability of Firefox 2.0.0.7 on the company's security blog. Firefox users with auto update enabled should have seen a notification that the new version has arrived on their desktops.
Snyder praised both the Mozilla engineers and the people at Apple who worked with them to quickly develop a patch for the problem:
This issue was patched in only six (or 6.25 according to John O'Duinn) days. When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue. The window of opportunity for attackers is reduced and so is the potential to compromise users.
A description of the QuickTime vulnerability appeared on the Mozilla Security Blog on September 12th. "If Firefox is the default browser when a user plays a malicious media file handled by Quicktime, an attacker can use a vulnerability in Quicktime to compromise Firefox or the local machine," the advisory said.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
iEntry 10th Anniversary
RSS
Archive
