CVE-2009-4101
infoRSS < 1.1.4.2 - Remote Code Execution and Cross-Domain Scripting via RSS Feed Description Tag
Title source: llmDescription
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54370
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37467
Various Sources x_refsource_misc
https://addons.mozilla.org/en-US/firefox/addons/versions/361#version-1.2.0
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3323
Scores
EPSS
0.0355
EPSS Percentile
87.9%
Details
CWE
CWE-20
Status
published
Products (22)
didier_ernotte/inforss
0.5
didier_ernotte/inforss
0.7.7
didier_ernotte/inforss
0.8.4
didier_ernotte/inforss
0.8.7
didier_ernotte/inforss
0.8.8.1
didier_ernotte/inforss
0.8.8.2
didier_ernotte/inforss
0.8.9
didier_ernotte/inforss
0.8.9.1
didier_ernotte/inforss
0.8.9.3
didier_ernotte/inforss
0.8.9.4
... and 12 more
Published
Nov 29, 2009
Tracked Since
Feb 18, 2026