There is a bug in Quicktime's Java handling that opens a pretty serious security hole allowing a malicious website to compromise a user's system. This is pretty embarrassing for Apple, not just because it's a serious security hole, but also because it allows for Windows systems with Quicktime installed to be compromised as well (and any computer with iTunes installed has Quicktime installed.) This affects both Firefox (Windows or Mac) and Safari when browsing with Java turned on (Java, not JavaScript.) Turning off Java in your browser preferences closes the hole. People should definitely do this until a fix is released. (And while this doesn't make it any better - you most likely won't notice any difference browsing with Java off since almost no sites use client-side Java applets.)
- jim 4-25-2007 11:51 pm

Just to be clear because there was already some confusion - even if you have Quicktime installed on Windows, this specific issue is not a concern in Internet Explorer. So if you only browse with IE don't worry (about this one at least.)

- jim 4-26-2007 12:25 am


Thanks for the heads up--I turned off java in Firefox. Let me know if you hear of a fix.
- tom moody 4-26-2007 2:16 am


Click off enable java AND click off enable javascript?
- jimlouis 4-26-2007 3:54 am


Just Java.
Then go have a cup of coffee.
- tom moody 4-26-2007 4:17 am


linda can you do this for us??
- Skinny 4-26-2007 1:40 pm


Thanks.
- jimlouis 4-26-2007 4:47 pm


The only thing out of the ordinary I've noticed after turning off Java:

If I play a file in Quicktime in the browser and hit "back" I get a dialogue that says "You have performed an illegal operation. It is recommended that you close Firefox. OK?"

I have to click Cancel to exit the dialogue and everything's fine.
- tom moody 4-26-2007 5:02 pm


I'm surprised it does that. [Lame technical troubleshooting response when you don't really know what the trouble is:] Do you have the latest Firefox?
- jim 4-26-2007 5:04 pm


After I posted this, I just discovered:

I streamed a song from my own page here at the Tree. No problem loading or going back.

The problem happened on the other site so I'll move this report over there.
- tom moody 4-26-2007 5:12 pm


Never mind. The problem appears to be with some specific files on the other site.
- tom moody 4-26-2007 5:33 pm


I have just been alerted to a Java update, presumably with the fix (?)
- jimlouis 5-09-2007 9:25 pm


Please let me know. I did find one page with a Java applet I'd like to see.
- tom moody 5-09-2007 9:41 pm


Yes sorry. This was fixed a few days after it was discovered. I forgot to post. The update fixes it, and has now been tested for a bit and is fine. Fire away.
- jim 5-09-2007 9:55 pm


I have Firefox 1.5.0.11
It says no updates are available.
Are we talking about getting 2.0 for the fix?
- tom moody 5-09-2007 10:02 pm


No, it's Quicktime you have to update (or for Mac here, although you're better off just running Software Update from System Preferences.)
- jim 5-09-2007 10:12 pm


Thanks. I have Quicktime Pro on one computer. Wasn't there something about Quicktime updates making you lose Pro features?
- tom moody 5-09-2007 10:14 pm


They do that (lame!) but only for big feature updates (like when they go to 8.0) - never ever for bug fixes or other minor updates.
- jim 5-09-2007 10:23 pm




