Vulnerability Name: | CVE-2009-4102 (CCN-54396) | ||||||||||||||||
Assigned: | 2009-11-24 | ||||||||||||||||
Published: | 2009-11-24 | ||||||||||||||||
Updated: | 2017-08-17 | ||||||||||||||||
Summary: | Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. Per info from the following advisory: http://www.net-security.org/secworld.php?id=8527 Scored this CVE CIA:complete | ||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 8.9 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:UR)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||||||||||||
Vulnerability Type: | CWE-20 | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2009-4102 Source: MISC Type: UNKNOWN http://forums.mozillazine.org/viewtopic.php?f=48&t=1603515&start=0 Source: JVN Type: UNKNOWN JVN#99203127 Source: JVNDB Type: UNKNOWN JVNDB-2011-000070 Source: CCN Type: Sage Web site Sage: a feed reader for Firefox Source: CCN Type: SA37466 Firefox Sage Extension Cross-Context Scripting Vulnerability Source: SECUNIA Type: Vendor Advisory 37466 Source: DEBIAN Type: UNKNOWN DSA-1951 Source: DEBIAN Type: DSA-1951 firefox-sage -- insufficient input sanitising Source: CCN Type: Help Net Security Web Site Zero-day vulnerabilities in Firefox extensions discovered Source: MISC Type: UNKNOWN http://www.net-security.org/secworld.php?id=8527 Source: CCN Type: OSVDB ID: 60529 Sage Extension for Firefox RSS Feed chrome: Cross-context Arbitrary Code Execution Source: CCN Type: OSVDB ID: 75341 Sage Extension for Mozilla Firefox Crafted Feed XSS Source: BID Type: UNKNOWN 37120 Source: CCN Type: BID-37120 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2009-3324 Source: XF Type: UNKNOWN sage-description-xss(54396) Source: XF Type: UNKNOWN sage-description-xss(54396) | ||||||||||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |