Published: 2007-09-19
Mozilla developers released a patch for the Firefox Web browser on Tuesday, six days after a researcher posted a proof-of-concept exploit for an issue in how the browser handles requests from QuickTime.
The vulnerability could allow a malicious media file to send an attack through QuickTime to Firefox, if Firefox is the default Web browser for the system. A specially crafted request could compromise the victim's computer, but so far the attack has only worked on the Windows operating system, according to Mozilla.
"This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple," Window Snyder, chief security officer for the Mozilla Foundation, said in a blog post announcing the fix. "The window of opportunity for attackers is reduced and so is the potential to compromise users."
Dealing with malicious data passed by other programs has been a theme this year for both Mozilla's Firefox and Microsoft's Internet Explorer. In July, both programs were found to poorly handle data sent using a uniform resource identifier (URI) from other programs. Mozilla updated Firefox to eliminate many of the issues.
The latest version of Firefox, version 2.0.0.7, can be downloaded from Mozilla.
Posted by: Robert Lemos
