2 matches found
Cross site scripting
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed...
CVE-2009-4102
The CVE-2009-4102 entry concerns the Sage Firefox extension (1.4.3 and earlier) which processes feed descriptions with chrome privileges, enabling remote command execution and cross-domain scripting via crafted RSS/Atom feeds. Affected versions include Sage prior to 1.4.6; Debian’s advisory and J...