Security testing
Scanit offers penetration tests, vulnerability assessments and web application audits.
Learn ethical hacking.
Scanit offers 5-day training on ethical hacking.

Mozilla code execution via QuickTime Media-link files (CVE-2006-4965)

Description

A vulnerability in Mozilla browsers in handling Apple QuickTime object allows executing arbitrary code. The JavaScript code specified in "qtnext" attribute can be executed with chrome privileges. Chrome is the user interface of Mozilla browsers. JavaScript running in chrome has elevated privileges and can read and write files and execute programs.

This is an arbitrary code execution vulnerability. It means that it can be used to place a backdoor, a virus or spyware on the vulnerable computer.

Recommendations

If you are running Mozilla Firefox 2 upgrade to version 2.0.0.7 or later. If you are running Mozilla Firefox 1.0 or 1.5 upgrade to 2.0 branch. Firefox 1.0 and 1.5 are no longer supported by Mozilla Foundation.

If you are using some other Mozilla-based browser, try upgrading to the latest available version or consult your vendor.

References