Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

SECURITY FIX: Mozilla Foundation Security Advisory 2007-28

September 19th 2007 in Uncategorized

As noted here, a vulnerability involving Firefox and QuickTime has been reported, and code showing how to take advantage of that vulnerability has been published.


As noted by Mozilla, “Disabling JavaScript in the browser does not protect against this attack; in vulnerable versions scripts passed through the -chrome option would be executed regardless of the JavaScript setting for web content, much as interpreters for languages such as perl and Python execute scripts passed on the command line. The NoScript add-on, however, has provided protection against this class of attack since the cross-browser vulnerabilities described by MFSA 2007-23 were discovered.”


It is strongly recommended that you download Firefox 2.0.0.7 as soon as possible, because it fixes this QuickTime vulnerability by removing the ability to run arbitrary scripts from the command line.

