Upstream information
Description
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.SUSE information
Overall state of this security issue: Does not affect SUSE products
No SUSE Bugzilla entries cross referenced.SUSE Security Advisories:
- SUSE-SA:2007:057, published Thu, 25 Oct 2007 18:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 05:12:52 2013CVE page last modified: Tue Jul 1 12:15:27 2025