Upstream information

CVE-2006-4965 at MITRE

Description

Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:


SUSE Timeline for this CVE

CVE page created: Fri Jun 28 05:12:52 2013
CVE page last modified: Tue Jul 1 12:15:27 2025