CVE-2007-0896

Publication date 13 February 2007

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

Status

Package Ubuntu Release Status
firefox-sage 8.04 LTS hardy
Fixed 1.3.10-1
7.10 gutsy
Fixed 1.3.10-1
7.04 feisty Ignored end of life, was needs-triage
6.10 edgy Not in release
6.06 LTS dapper Not in release

References

Other references

Access our resources on patching vulnerabilities