mozilla -- code execution via Quicktime media-link files

2007-09-18T00:00:00
ID 3CE8C7E2-66CF-11DC-B25F-02E0185F8D72
Type freebsd
Reporter FreeBSD
Modified 2007-12-14T00:00:00

Description

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.