Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability

The Sage extension for Mozilla Firefox is prone to a cross-domain scripting vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit this issue to run arbitrary code within the 'chrome:' context or run arbitrary commands with the privileges of the user running the affected application. Successful exploits will compromise the affected application and possibly the computer.

Sage 1.4.3 is vulnerable; other versions may also be affected.


 

Copyright 2010, SecurityFocus