Petko D. Petkov identified an issue in QuickTime that allows an attacker to execute arbitrary code.
If Firefox is the default browser when a user plays a malicious media file handled by QuickTime, an attacker can use a vulnerability in QuickTime to compromise Firefox or the local machine. This can happen while browsing or by opening a malicious media file directly in QuickTime. So far this is only reproducible on Windows.
Petkov provided proof-of-concept code that may be easily converted into an exploit, so users should consider this a very serious issue.
Mozilla is working with Apple to keep our users safe, and we are also investigating ways to mitigate this more broadly in Firefox.
You can follow our work in Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=395942
Petko D. Petkov discovered this issue and posted details here.