CVE-2009-4102

Published: 29/11/2009 Updated: 17/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Sage extension for Firefox, version 1.4.3 and earlier, performs certain operations with chrome privileges, which allows remote malicious users to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

Vulnerable Product

sage.mozdev sage 1.3.8

sage.mozdev sage

mozilla firefox

Vendor Advisories

It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack. For the oldstable distribution (etch), this problem has been fixed in version 136-4etch1. For the stable distribution (le ...