CVE-2009-4102

Sage <1.4.3 - Remote Code Execution

Title source: llm
STIX 2.1

Description

Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

References (9)

Core 9
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN99203127/index.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37466
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37120
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3324
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54396
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000070
Various Sources x_refsource_misc
http://www.net-security.org/secworld.php?id=8527
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1951

Scores

EPSS 0.0339
EPSS Percentile 87.4%

Details

CWE
CWE-20
Status published
Products (3)
mozilla/firefox
sage.mozdev/sage 1.3.8
sage.mozdev/sage < 1.4.3
Published Nov 29, 2009
Tracked Since Feb 18, 2026