Latest posts for the topic "0DAY: QuickTime pwns Firefox"

0DAY: QuickTime pwns Firefox

mfeng — GMT

0DAY: QuickTime pwns Firefox ISSUE Petko D. Petkov identified an issue in Quicktime that allows an attacker to execute arbitrary code. IMPACT Vulnerable System: Firefox 2.0.0.6 and below. If Firefox is the default browser when a user plays a malicious media file handled by Quicktime, an attacker can use a vulnerability in Quicktime to compromise Firefox or the local machine. This can happen while browsing or by opening a malicious media file directly in Quicktime. So far this is only reproducible on Windows. Petkov provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue. EXPLOIT Following exploit code will execute notepad.exe a.mov Code:

a.html Code:



a.mp3

ADDITIONAL INFORMATION More information here: http://www.gnucitizen.org/projects/0day-quicktime-pwns-firefox/

Re: 0DAY: QuickTime pwns Firefox

mfeng — GMT

Giải pháp hiện tại: disable plugin Quicktime của firefox Trong C:\Program Files\Mozilla Firefox\plugins, có các file npqtplugin?.dll. Đổi tên thành *.dlx hoặc dời sang thư mục khác.

Re: 0DAY: QuickTime pwns Firefox

gsmth — GMT

pdp responds wrote:

I would recommend to install NoScript if you are a Firefox user and switch to Firefox with NoScript if you use any other browser. When a fix is available, restore your settings.

Re: 0DAY: QuickTime pwns Firefox

blueocean89 — GMT

using No Script may cause some problem in sufering the web, coz some website have script enabled to work! :D so...disabling plugin is better.

Re: 0DAY: QuickTime pwns Firefox

mfeng — GMT

Đã có Firefox 2.0.0.7 rồi. Không cần phải lo về bug này nữa :)