7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
88.1%
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
CPE | Name | Operator | Version |
---|---|---|---|
sage.mozdev:sage | sage.mozdev sage | le | 1.4.3 |
sage.mozdev:sage | sage.mozdev sage | eq | 1.3.8 |
mozilla:firefox | mozilla firefox | eq | * |
forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0
jvn.jp/en/jp/JVN99203127/index.html
jvndb.jvn.jp/jvndb/JVNDB-2011-000070
secunia.com/advisories/37466
www.debian.org/security/2009/dsa-1951
www.net-security.org/secworld.php?id=8527
www.securityfocus.com/bid/37120
www.vupen.com/english/advisories/2009/3324
exchange.xforce.ibmcloud.com/vulnerabilities/54396