CVE-2009-4101

2009-11-29T13:08:00
ID CVE-2009-4101
Type cve
Reporter cve@mitre.org
Modified 2017-08-17T01:31:00

Description

infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. Per information from the following advisory: http://www.net-security.org/secworld.php?id=8527 raised the score to CIA:complete since this vulnerability gives attacker the full access to the computer.