View Full Version : plug-in hell


jdh
September 12th, 2007, 04:38 PM
Remember DLL hell?

Security maven: QuickTime flaw threatens PCs, Macs
Year-old bug pulls a fast one on Firefox
By Dan Goodin in San Francisco
Published Wednesday 12th September 2007 20:22 GMT

"A researcher has demonstrated how a security bug in Apple's QuickTime media player that was disclosed a year ago can cause Firefox to install backdoors and other malware on a fully patched computer. He said both Windows and Mac systems are vulnerable."

http://www.theregister.com/2007/09/12/quicktime_vulnerability_attacks_firefox/

All I can say is: Just block every frickin thing by default.

If you use Firefox, update to or install the latest NoScript FF extension to cover your butt.

David H

sidney
September 12th, 2007, 11:07 PM
"He said both Windows and Mac systems are vulnerable."

He said that, but he also said that he didn't have a Mac and had not tried it on a Mac. I did try it on my Mac running Firefox 2.0.0.6 on MacOS 10.4.9 and all that happened was, first I got an alert saying (paraphrased) "Your browser is attempting to authenticate as user "chrome%20javascript" on site "mozilla.org" but the site does not require authentication. This may be an attempt to trick you. Is mozilla.org really the site you want to visit? YES NO".

Even when I did click on the Yes button, it opened a tab that did not have an http://chrome or file://whatever URL as it looked like the exploit was trying to end up with. Instead it had a URL beginning with http://mozilla.org/ and more stuff that looked like it was the exploit attempt, and all that resulted in was a 404 not found error at mozilla.org.