# QuickTime + Firefox = Danger



## Glaswegian (Sep 16, 2005)

Mozilla is scrambling to fix a vulnerability related to the Firefox browser that poses a serious danger for users who also have Apple's QuickTime installed.

According to Petko Petkov, a UK-based web application penetration tester, the current version of QuickTime contains a flaw in its Media Link (.qtl file formats) function. Any file with a QuickTime-supported extension - there are more than 60 - will be parsed by Apple's media player. However, because it fails to sanitise the XML content, an attack can sneak links to malicious JavaScript into the file, and get QuickTime to run it. 


http://www.techworld.com/security/news/index.cfm?RSS&NewsID=10078


----------



## Jack.Sparrow (Jan 22, 2007)

Thanks for the leg-up


----------



## jaz_martin (Aug 23, 2007)

Good Job keeping us up-to-date.


----------

