4 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102...
[SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing
------------------------------------------------------------------------ Debian Security Advisory DSA-1951-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 15, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1951-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 15, 2009 http://www.debian.org/security/faq -...
CVE-2009-4102
The CVE-2009-4102 entry concerns the Sage Firefox extension (1.4.3 and earlier) which processes feed descriptions with chrome privileges, enabling remote command execution and cross-domain scripting via crafted RSS/Atom feeds. Affected versions include Sage prior to 1.4.6; Debian’s advisory and J...