A year-old bug in QuickTime that, when paired with Firefox allows, hackers to hijack PCs and Macs now has Mozilla Corp. scrambling for a fix, the company"s chief security officer said Wednesday.
According to Petko Petkov, a U.K.-based Web application penetration tester, the current version of QuickTime contains a flaw in its Media Link (.qtl file formats) function. Any file with a QuickTime-supported extension -- there are more than 60 -- will be parsed by Apple Inc."s media player. However, because it fails to sanitize the XML content, an attack can sneak links to malicious JavaScript into the file, and get QuickTime to run it.