On 12 September, pdp introduced us to a 0-day exploit: Quicktime owns Firefox.
It was possible to execute program code on computers running Firefox by means of specially prepared QuickTime Link files (.qtl). The Firefox developers had already released a patch to resolve this in Firefox 126.96.36.199. Now, Apple is fixing the cause of the problem in QuickTime 7.2 for Windows Vista and XP Service Pack 2. Mac OS X was never not affected.
Security Update for QuickTime 7.2