Via gnucitizen.org (pdp) -
It seams that QuickTime media formats can hack into Firefox. The result of this vulnerability can lead to full compromise of the browser and maybe even the underlaying operating system. Don’t try this at home.
Before we move on, I have to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the spot light on the second vulnerability one more time over here, yet nobody listened. So, I decided to post a demonstration of how a Low risk issue can be turned into a very easy to perform HIGH risk attack.
-----------------------------
Milw0rm has the exploit code and the DHS has issued an alert on the issue.
This is a Quicktime securiy issue and therefore is not limited to Firefox only.
No comments:
Post a Comment