Mountain View (CA) - Mozilla has fixed a critical bug that plagued the way Quicktime files interacted with its Firefox browser.

The problem, which was publicly reported last week, "could be used to install malware, steal local data, or otherwise corrupt the victim's computer," according to an security bulletin from Mozilla.

The company's security chief Window Snyder said that Petko Petkov, the man who uncovered the flaw, "provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue."

At issue is a vulnerability that Mozilla said it took care of in a July 2007 update.  However, Petkov found a way to circumvent the barriers set up by that patch.

Firefox users have already received a mandatory update notice, upgrading the software to version 2.0.0.7.  The Quicktime bug is the only thing addressed in the update.

Not all Firefox users have received an update notic...

Sep 19, 2007 11:38     

Not all Firefox users have received an update notice. I didn't!
Steve report abuse vote down vote up Votes: +0

nice timing

Sep 19, 2007 11:44     

I got the update popup less then 2 minutes before reading this stuff =D
coke report abuse vote down vote up Votes: +0

The same bug, but in a different way

Sep 19, 2007 14:50     

So Mozilla was supposed to have fixed a problem between Firefox and Quicktime, but this guy found another way to get around the fix they put out? Well, at least Mozilla fixed it when they heard about it, though I am wondering since I am using Mozilla's Minefield Pre-Alpha thing, whether it applies to Firefox 3 as well.
Christopher report abuse vote down vote up Votes: +0

Update Notices

Sep 21, 2007 11:27     

Its never good to rely on automatic or email update notices. Firefox along with almost all major software today has an update selection in a drop down box (Help for Firefox). Smart computer users continually run the manual updates. Rarely have I ever found that an update from a major software product does not work. (I avoid Microsoft products LOL). Besides you can always roll back to the prior version if the update doesn't work right. Keep your computer updated and clean of junk and it will be good to you

Mike report abuse vote down vote up Votes: +0