Mozilla has mobilized its Firefox developers and come up with a patched version of its open source browser to protect against a zero-day exploit involving Apple's QuickTime.
Firefox 2.0.0.7 is expected to be officially released later today and will plug the flaw. On Sept. 12, security researcher Petko D. Petkov reported that Apple QuickTime media formats could be used to hack into Firefox. When QuickTime was launched from Firefox, a remote attacker could potentially have run arbitrary script commands with the full privileges of the user.
"The result of this vulnerability can lead to full compromise of the browser and maybe even the underlying operating system," Petkov warned in his advisory on the issue.
On the same day Petkov issued his warning, Mozilla logged the bug as #395942 in its Bugzilla bug-tracking system and immediately began working on a fix. Mozilla developer Gavin Sharp wrote in a Bugzilla entry that the QuickTime plug-in should be fixed so that it does not allow launching the default browser with arbitrary parameters.
Mozilla had apparently attempted to prevent this type of vulnerability as recently as the Firefox 2.0.0.5 release, with its fix for the "Remote code execution by launching Firefox from Internet Explorer" bug, also known as MFSA 2007-23.
"The fix for MFSA 2007-23 was intended to prevent this type of attack, but QuickTime calls the browser in an unexpected way that bypasses that fix," Mozilla's advisory on the QuickTime error notes.
This article was first published on InternetNews.com.