Mozilla Corp. has fixed a critical bug in the way the Firefox browser works with QuickTime media files.

The flaw, which was reported last week by hacker Petko Petkov, gives attackers a way to run unauthorized commands on a victim’s PC. “This could be used to install malware, steal local data, or otherwise corrupt the victim’s computer,” Mozilla said in a security advisory published Tuesday.

A July 2007 patch was supposed to take care of this type of problem, but Petkov showed how attackers could still run commands on a victim’s system by tricking a victim into opening a maliciously coded QuickTime media file.

In fact, until Apple addresses the underlying flaw in QuickTime, there still could be headaches for users, Mozilla said in its security advisory on the issue. “QuickTime Media-link files could still be used to annoy users with popup windows and dialogs until this issue is fixed in QuickTime,” the advisory states.

The common security measure of disabling JavaScript does not prevent this attack, although the NoScript Firefox add-on does provide protection, Mozilla said.

“Petkov provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue,” Mozilla’s security chief, Window Snyder, said in a recent blog posting. Mozilla has been able to reproduce this bug only on the Windows operating system, she added.

The flaw also affects the Internet Explorer browser, Petkov said on his blog. However, IE’s security policies make the flaw less critical on Microsoft’s browser, he added.

The Firefox 2.0.0.7 update was pushed out to users starting around 3 p.m. Pacific Time on Tuesday. It contains only one security update: the QuickTime fix.
By Robert McMillan, IDG News Service (San Francisco Bureau)