
More RSS Security Issues Discovered

GNUCitizen has discovered an RSS reader vulnerability in Sage (a Firefox plugin).

"I turned off HTML tags and continued on as normal. However, something
odd happened. When rendering my whitepaper “Awakening the Sleeping
Giant” an insert of JavaScript was executed in my browser. How bizarre, I
thought. The security enabled feature makes me vulnerable. Sage was
vulnerable to XSS! I immediately contacted pdp (architect). We worked
on it for 30 minutes and for those 30 minutes all you could hear were
sinister laughs."

My Black Hat Presentation Link: Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (PowerPoint)
My RSS Whitepaper: http://www.spidynamics.com/assets/documents/HackingFeeds.pdf
Advisory Link: http://www.gnucitizen.org/blog/cross-context-scripting-with-sage/
RSS Security Issues Repository Link: RSS Security