Unrated severityNVD Advisory· Published Nov 29, 2009· Updated Jun 16, 2026
CVE-2009-4102
CVE-2009-4102
Description
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:sage.mozdev:sage:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sage.mozdev:sage:*:*:*:*:*:*:*:*range: <=1.4.3
- cpe:2.3:a:sage.mozdev:sage:1.3.8:*:*:*:*:*:*:*
- osv-coords2 versions
< 0+ 1 more
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
9- secunia.com/advisories/37466nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3324nvdVendor Advisory
- forums.mozillazine.org/viewtopic.phpnvd
- jvn.jp/en/jp/JVN99203127/index.htmlnvd
- jvndb.jvn.jp/jvndb/JVNDB-2011-000070nvd
- www.debian.org/security/2009/dsa-1951nvd
- www.net-security.org/secworld.phpnvd
- www.securityfocus.com/bid/37120nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/54396nvd
News mentions
0No linked articles in our index yet.