QuickTime - Remote hacker automatic control
Version: 7.1.6 and prior.
Technical Details: From the available information, it appears that there is a problem with how QuickTime handles XML data that is presented as a valid QuickTime media format. Browsers with a QuickTime plugin enabled have been demonstrated to be vulnerable to an attack based on this (it has yet to be determined whether the browser or the plugin is interpreting the XML, but multiple browsers are vulnerable).
Description: A web security researcher has identified a vulnerability in the way that a number of browsers handle different QuickTime media files. At this stage, it is too early to determine whether the vulnerability lies in the QuickTime plugin (likely) or in the browsers. Along with the disclosure of the vulnerability, public exploit samples were provided. At this time there has been no response from Apple about the potential vulnerability.
Mitigation: Consider the use of alternative QuickTime media handling libraries, or change the handling of QuickTime from within the browser.
Updates:
Source: http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
Exploits: Various Sources
External Tracking Data:
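
Added example (not part of the original advisory): a triage check for the condition in the Technical Details, flagging files that carry a QuickTime extension but open as XML markup rather than a QuickTime atom container. The extension list, the set of leading atom types, the function names and the sample files are assumptions made for this sketch.

```python
import struct

# Assumption: atom types commonly found at the start of a QuickTime/MP4 container.
LEADING_ATOMS = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"pnot"}
# Assumption: file extensions a browser hands to the QuickTime plugin.
QT_EXTENSIONS = (".mov", ".qt", ".mp4", ".m4v", ".3gp")
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")

def starts_with_atom(data):
    """True if data begins with a plausible QuickTime atom header."""
    if len(data) < 8:
        return False
    size, kind = struct.unpack(">I4s", data[:8])
    # size 0 = atom runs to end of file, 1 = 64-bit size follows, else >= 8
    return kind in LEADING_ATOMS and (size in (0, 1) or size >= 8)

def looks_like_markup(data):
    """True if data, after any BOM and whitespace, opens with a markup tag."""
    for bom in BOMS:
        if data.startswith(bom):
            data = data[len(bom):]
            break
    # Drop NUL bytes so UTF-16 encoded text compares as ASCII.
    head = data.replace(b"\x00", b"").lstrip()[:16]
    return head.startswith(b"<")

def classify(name, data):
    """Return 'not-quicktime', 'container', 'markup' or 'unknown'."""
    if not name.lower().endswith(QT_EXTENSIONS):
        return "not-quicktime"
    if starts_with_atom(data):
        return "container"
    if looks_like_markup(data):
        return "markup"  # XML presented as QuickTime media: review or block
    return "unknown"

# Constructed sample inputs, not taken from any real file or exploit.
SAMPLES = {
    "clip.mov": struct.pack(">I4s", 20, b"ftyp") + b"qt  " + b"\x00" * 8,
    "trailer.mov": b"\xef\xbb\xbf<?xml version=\"1.0\"?>\n<placeholder/>",
    "notes.txt": b"<?xml version=\"1.0\"?>",
    "broken.mp4": b"\x00\x01",
}

def triage(samples):
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{verdict:14} {name}")
```

A "markup" verdict only says the file is not a binary QuickTime container; it does not say the content is malicious, so treat it as a signal for review or for filtering at a proxy or mail gateway.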