Tue, Apr 17 2007 14:02
Don
Mozilla Firefox Wizz RSS News Reader Extension Cross-Context Scripting
Description:
A vulnerability has been reported in the Wizz
RSS News Reader extension for Mozilla Firefox, which can be exploited
by malicious people to compromise a vulnerable system.
Certain input is not properly sanitised before being used and can be
exploited to e.g. execute arbitrary script code within the "chrome:"
context.
Successful exploitation requires that a user is tricked into loading a specially crafted RSS feed.
The vulnerability is reported in versions prior to 2.1.9.
Solution:
Update to version 2.1.9.
https://addons.mozilla.org/en-US/firefox/addon/424
http://secunia.com/advisories/24913/
Filed under: Alerts