Tue, Apr 17 2007 14:02
Mozilla Firefox Wizz RSS News Reader Extension Cross-Context Scripting
A vulnerability has been reported in the Wizz
RSS News Reader extension for Mozilla Firefox, which can be exploited
by malicious people to compromise a vulnerable system.
Certain input is not properly sanitised before being used and can be
exploited to e.g. execute arbitrary script code within the "chrome:"
Successful exploitation requires that a user is tricked into loading a specially crafted RSS feed.
The vulnerability is reported in versions prior to 2.1.9.
Update to version 2.1.9.
Filed under: Alerts