Vulnerability Description
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Didier Ernotte | Inforss | <= 1.1.4.2 |
| Mozilla | Firefox | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37467 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/3323 (Vendor Advisory)
- https://addons.mozilla.org/en-US/firefox/addons/versions/361#version-1.2.0
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54370
FAQ
What is CVE-2009-4101?
CVE-2009-4101 is a vulnerability with a CVSS score of 9.3 (HIGH). infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting att...
How severe is CVE-2009-4101?
CVE-2009-4101 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4101?
Check the references section above for vendor advisories and patch information. Affected products include: Didier Ernotte Inforss, Mozilla Firefox.