Home | Firefox, News, Security | New QuickTime vulnerability: rtsp://
-->

New QuickTime vulnerability: rtsp://

By: Percy Cabello
Published: November 27th, 2007
  •  Print

Mozilla Security has confirmed a new vulnerability involving the QuickTime plugin originally published by the CERT following a public disclosure a few days before including a proof of concept.

This time it is a stack buffer overflow vulnerability in the way QuickTime handles RTSP (Real Time Streaming Protocol) content that may allow malicious code execution. The vulnerability affects Mac and Windows users who use QuickTime player or iTunes.

Firefox may become another vector if the QuickTime plugin is installed. There’s no solution so far for the problem but CERT has a list of workarounds to disable the QuickTime plugin.

Firefox 3 Beta 1 users can open the Add-ons manager (Tools menu, Add-ons), select the Plugins page, look for all QuickTime related plugins and press Disable.

Disable QuickTime plugin Firefox 3

You can leave a response, or trackback from your own site.

1 Comments on “New QuickTime vulnerability: rtsp://”

Subscribe to this post's RSS feed

  1. 1. jeff
    November 29th, 2007 at 5:14 pm

    I don’t see any mention of what versions of QuickTime have this vulnerability. If we don’t say, how will we know when there is a version that is safe to use?

    FWIW, uninstalling QuickTime also disables iTunes, so it’s going to affect more than just viewing videos.

    [Reply]

0 Trackbacks/Pings (Trackback URL)

Leave a Reply




Comment:

Firefox 3

Links

  • Online Shopping
  • Document Scanning Services
  • 5GB free for your music
  • Voucher Codes & Discount Codes
  • CyberDefender Software

    • Recent Entries

    Recent Comments