Release date:
Updated on:
Affected Systems:
Peter Andrews Sage 1.3.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49569
Cve id: CVE-2011-3384
Mozilla Firefox is a Web browser jointly developed by the Mozilla Foundation and open-source groups. Sage is a Mozilla Firefox plug-in that adds an RSS/Atom feed reader.
Mozilla Firefox has the HTML injection vulnerability when processing HTML webpage output based on news aggregation information. Remote attackers can exploit this vulnerability to execute arbitrary code on the site and steal Cookie authentication creden.
<* Source: Yosuke Hasegawa
Link: http://jvn.jp/en/jp/JVN30221194/index.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Peter Andrews
-------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Https://addons.mozilla.org/en-US/firefox/addon/77