Unrated severityNVD Advisory· Published Nov 29, 2009· Updated Apr 23, 2026

CVE-2009-4102

Description

Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

Affected products

Sage Mozdev/Sage2 versions
cpe:2.3:a:sage.mozdev:sage:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sage.mozdev:sage:*:*:*:*:*:*:*:*range: <=1.4.3
- cpe:2.3:a:sage.mozdev:sage:1.3.8:*:*:*:*:*:*:*
Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/37466nvdVendor Advisory
www.vupen.com/english/advisories/2009/3324nvdVendor Advisory
forums.mozillazine.org/viewtopic.phpnvd
jvn.jp/en/jp/JVN99203127/index.htmlnvd
jvndb.jvn.jp/jvndb/JVNDB-2011-000070nvd
www.debian.org/security/2009/dsa-1951nvd
www.net-security.org/secworld.phpnvd
www.securityfocus.com/bid/37120nvd
exchange.xforce.ibmcloud.com/vulnerabilities/54396nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000