Computer Security
[EN] securityvulns.ru no-pyccku


firefox-sage RSS reader crossite scripting
Published:15.12.2009
Source:
SecurityVulns ID:10470
Type:client
Threat Level:
5/10
Description:It's possible to inject script into RSS data.
Affected:SAGE : Sage 1.4
CVE:CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing (15.12.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod