7.8 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.4%
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
secunia.com/advisories/37467
www.vupen.com/english/advisories/2009/3323
addons.mozilla.org/en-US/firefox/addons/versions/361
exchange.xforce.ibmcloud.com/vulnerabilities/54370