FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- code execution via Quicktime media-link files

Affected packages
firefox <,1
linux-firefox <
linux-seamonkey < 1.1.5
seamonkey < 1.1.5
linux-firefox-devel < 3.0.a2007.12.12
linux-seamonkey-devel < 2.0.a2007.12.12
0 < firefox-ja
0 < linux-mozilla
0 < linux-mozilla-devel
0 < mozilla


VuXML ID 3ce8c7e2-66cf-11dc-b25f-02e0185f8d72
Discovery 2007-09-18
Entry 2007-09-19
Modified 2007-12-14

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.


CVE Name CVE-2006-4965