Mozilla · Fizzle Extension For Firefox · CVE-2007-1678
Name of the Vulnerable Software and Affected Versions:
Fizzle extension for Firefox version 0.5
Description:
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via RSS feeds. These scripts are executed by the chrome: URI handler.
Recommendations:
For Fizzle extension for Firefox version 0.5, consider disabling the extension until a patch is available to prevent exploitation of the XSS vulnerability.