14 DAY TRIAL // Firefox is currently one of the most popular browsers on the Internet because it was one of the first applications that introduced tab browsing, a function that is now implemented in the majority of programs. Since its first release, Firefox attracted an impressive number of users that were looking for an Internet Explorer alternative, Microsoft's Internet browser distributed via Windows operating system. At this time, Mozilla's Firefox contains a lot of attracting features, helping you browse the Internet more secure and using a lot of great utilities.
Today, security company Secunia reported a vulnerability in a Firefox extension that can allow an attacker to execute malicious scripts to help run other programs. The Sage add-on is an RSS and Atom feed reader and aggregator, enabling you to read news and headlines directly from your browser's window. The extension has an attractive interface bundled with well-developed functions, being used by an impressive number of Firefox clients.
Although Secunia rated the flaw as less critical, it can make your computer even more vulnerable if a successful exploitation is conducted through the reported issue. 'The vulnerability is caused due to an input validation error in the processing of certain tags in RSS feeds. This can e.g. be exploited to insert and execute arbitrary HTML and script code in a local context by tricking a user into adding a malicious feed and then viewing its contents. The vulnerability is reported in version 1.3.9. Prior versions may also be affected," Secunia said in the security advisory.
It seems like the only solution to fix the vulnerability is to update the extension to version 1.3.10. You can download this latest version of the Firefox add-on from Softpedia by following this link.