A report on ZDNet (UK) suggests that the animated cursor vulnerability just patched in yesterday’s Microsoft Security Bulletin MS07-017 can also make Firefox browsers running in a Windows environment vulnerable to the threat.

The individual who initially reported the ANI vulnerability privately to Microsoft, Alexander Sotirov of Determina, has told ZDNet.uk.co, “Firefox uses a Windows API function, which uses the vulnerable code in USER32.DLL, so the .ani vulnerability can be exploited through Firefox.”

There has been no response yet from Firefox creator Mozilla.org in its Known Vulnerabilities database.

The point of this report, of course, is that anyone who was not using Internet Explorer may have felt they didn’t need to apply the .ANI update.

NOTE: One TR member has already notified me of a problem with one of the patches in MS07-017. See the Comments section of my report on the release of MS07-017 for details to offer assistance or to post your own problems. 

I believe this is the same problem already noted in version 2.0 of KB925902.