Mountain View (CA) – Mozilla has fixed a critical bug that plagued the way Quicktime files interacted with its Firefox browser.
The problem, which was publicly reported last week, “could be used to install malware, steal local data, or otherwise corrupt the victim’s computer,” according to an security bulletin from Mozilla.
The company’s security chief Window Snyder said that Petko Petkov, the man who uncovered the flaw, “provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue.”
At issue is a vulnerability that Mozilla said it took care of in a July 2007 update. However, Petkov found a way to circumvent the barriers set up by that patch.
Firefox users have already received a mandatory update notice, upgrading the software to version 220.127.116.11. The Quicktime bug is the only thing addressed in the update.