Mozilla Firefox infoRSS Extension Cross-Context Scripting Vulnerability
Original Issue Date: November 30, 2009
Severity Rating: High
infoRSS 1.x (extension for Firefox)
A vulnerability has been reported in the infoRSS extension for Firefox,
which could allow a remote attacker to execute arbitrary code to compromise
a user’s system.
This vulnerability is caused by improper sanitisation of user input
passed via RSS feeds before it is used to render content in the infoRSS
extension for Firefox. A remote attacker could exploit this vulnerability
by tricking a user into subscribing to a specially crafted RSS feed. Successful
exploitation of this vulnerability could allow a remote attacker to execute
arbitrary script code within the “chrome:” context and execute arbitrary
commands on a user’s system.
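The sanitisation this class of flaw calls for is sketched below as an added example; it is not code from infoRSS or from this advisory. The function names, the RSS 2.0 field names (`title`, `link`) and the sample items are assumptions constructed for illustration.

```javascript
// Added example: treat every feed-supplied field as untrusted text before it
// reaches markup rendered by a privileged extension. All names are hypothetical.

// Only these link schemes may come from a feed; javascript:, data:, chrome:
// and anything else are refused.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape the characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Return a normalised URL if it parses and uses an allowed scheme, else null.
function safeLink(raw) {
  try {
    const url = new URL(String(raw).trim());
    return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
  } catch {
    return null; // unparseable or relative: refuse rather than guess
  }
}

// Build headline markup from an untrusted feed item.
function renderHeadline(item) {
  const title = escapeHtml(item.title || "(untitled)");
  const href = safeLink(item.link);
  return href
    ? `<a href="${escapeHtml(href)}">${title}</a>`
    : `<span>${title}</span>`;
}

// Constructed feed items (not taken from any real feed).
const hostile = {
  title: "<script>/* constructed */</script>Breaking news",
  link: "javascript:void(0)",
};
const benign = { title: "Release notes & fixes", link: "https://example.org/a?b=1&c=2" };

console.log(renderHeadline(hostile)); // markup shown as inert text, link dropped
console.log(renderHeadline(benign));  // normal link, ampersands escaped
```

In DOM code running with extension privileges, assigning feed text through `textContent` instead of building markup strings gives the same guarantee without a hand-written escaper.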
The information provided herein is on “as is” basis, without warranty of