Oval Definition:	oval:org.mitre.oval:def:13554
Revision Date: 2014-06-23 Version: 19 Title: DSA-1951-1 firefox-sage -- insufficient input sanitising Description: It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack. For the stable distribution, this problem has been fixed in version 1.4.2-0.1+lenny1. For the oldstable distribution, this problem has been fixed in version 1.3.6-4etch1. For the testing distribution and the unstable distribution, this problem has been fixed in version 1.4.3-3. We recommend that you upgrade your firefox-sage packages. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-4102 DSA-1951-1 Platform(s): Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 Product(s): firefox-sage Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND firefox-sage DPKG is earlier than 1.4.2-0.1+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND firefox-sage DPKG is earlier than 1.3.6-4etch1
BACK