CVE-2009-4102

NameCVE-2009-4102
DescriptionSage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1951-1
NVD severityhigh (attack range: remote)
Debian Bugs559267

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefox-sagesource(unstable)1.4.3-4medium559267
firefox-sagesourceetch1.3.6-4etch1highDSA-1951-1
firefox-sagesourcelenny1.4.2-0.1+lenny1highDSA-1951-1

Search for package or bug name: Reporting problems