Firefox Susceptible To QuickTime Security Flaw, what about Second Life Client ?

Yesterday I saw the following on Slashdot.org :

Apple’s QuickTime media player software contains a previously undocumented security weakness in the way QuickTime handles the RTSP media-streaming protocol. The vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems. Symantec has tested the publicly available exploit code and found that it failed to work properly against Internet Explorer 6/7 or Safari 3 Beta but the exploit works against Firefox if users have chosen QuickTime as the default player for multimedia formats. Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control, while IE loads the QuickTime Player as an internal plugin and when the overflow occurs, standard buffer-overflow protection is triggered, shutting down the affected processes before any damage can occur.”

And I realized that the Second Life Client is also using QuickTime. A simple test produced the following picture when applied on the windows version of the Second Life Client. So it seems that Second Life Client is also suffering from the same problem as Firefox does.

slcrash.jpg

At the moment I only had time to try it on Windows and I have no idea if the same problem exists on the Mac.

Advertisements

2 thoughts on “Firefox Susceptible To QuickTime Security Flaw, what about Second Life Client ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s