CVE-2009-4102

Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:sage.mozdev:sage:*:*:*:*:*:*:*:*
cpe:2.3:a:sage.mozdev:sage:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-11-29 13:08

Updated : 2024-02-04 17:33


NVD link : CVE-2009-4102

Mitre link : CVE-2009-4102

CVE.ORG link : CVE-2009-4102


JSON object : View

Products Affected

mozilla

  • firefox

sage.mozdev

  • sage
CWE
CWE-20

Improper Input Validation