CVE-2007-2060 Information

Description

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

Reference

http://osvdb.org/34534 http://secunia.com/advisories/24913 http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/ http://www.kb.cert.org/vuls/id/319464 http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T http://www.securityfocus.com/bid/23523 http://www.vupen.com/english/advisories/2007/1425 https://addons.mozilla.org/en-US/firefox/addon/424 https://exchange.xforce.ibmcloud.com/vulnerabilities/33693