Lucene search
HistoryNov 29, 2009 - 1:08 p.m.
CVE-2009-4101
inforss
firefox
arbitrary commands
rss
cross-domain scripting
cve-2009-4101
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Affected configurations
Node
didier_ernotteinforssRangeβ€1.1.4.2
ORdidier_ernotteinforssMatch0.5
ORdidier_ernotteinforssMatch0.7.7
ORdidier_ernotteinforssMatch0.8.4
ORdidier_ernotteinforssMatch0.8.7
ORdidier_ernotteinforssMatch0.8.8.1
ORdidier_ernotteinforssMatch0.8.8.2
ORdidier_ernotteinforssMatch0.8.9
ORdidier_ernotteinforssMatch0.8.9.1
ORdidier_ernotteinforssMatch0.8.9.3
ORdidier_ernotteinforssMatch0.8.9.4
ORdidier_ernotteinforssMatch0.8.9.5
ORdidier_ernotteinforssMatch0.9.0
ORdidier_ernotteinforssMatch0.10.0
ORdidier_ernotteinforssMatch0.10.1
ORdidier_ernotteinforssMatch1.0.0
ORdidier_ernotteinforssMatch1.1.0.1
ORdidier_ernotteinforssMatch1.1.1
ORdidier_ernotteinforssMatch1.1.2
ORdidier_ernotteinforssMatch1.1.3
ORdidier_ernotteinforssMatch1.1.4
ORdidier_ernotteinforssMatch1.1.4.1
mozillafirefox
Related
prion
prion
Cross site scripting
2009-11-29 13:08:00
cvelist
cvelist
CVE-2009-4101
2009-11-28 11:00:00
seebug
seebug
Firefox infoRSSζ©ε±RSSζΊθ·¨εθζ¬ζ§θ‘ζΌζ΄
2009-12-03 00:00:00
nvd
nvd
CVE-2009-4101
2009-11-29 13:08:29
rosalinux
rosalinux
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
Related for CVE-2009-4101