2 matches found
CVE-2011-3384
CVE-2011-3384 affects the Sage Firefox add-on (versions 1.3.10 and earlier). The root cause is improper processing during HTML page output based on feed information, enabling a cross-site scripting (XSS) vulnerability that could allow arbitrary scripts to run in the user’s browser. The documented...
CVE-2006-6919
The CVE-2006-6919 vulnerability affects the Firefox Sage extension (version 1.3.8 and earlier). An RSS feed containing an img tag with an embedded script and a trailing ">" can be manipulated so Sage closes the img element before the malicious script is executed, enabling remote JavaScript exe...