package: firefox-sage severity: grave tags: security A vulnerability has been found in sage. From http://secunia.com/advisories/22809/ :
David Kierznowski has discovered a vulnerability in the Sage extension for Firefox, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to an input validation error in the processing of "img" tags in feeds. This can e.g. be exploited to insert and execute arbitrary HTML and script code in a local context by tricking a user into adding a malicious feed and then viewing the contents of it.
pgpJh13exhMks.pgp
Description: PGP signature
