A vulnerability has been reported in the Wizz RSS News Reader extension for Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system.
Certain input is not properly sanitised before being used and can be exploited to e.g. execute arbitrary script code within the “chrome:” context.
Successful exploitation requires that a user is tricked into loading a specially crafted RSS feed.
The vulnerability is reported in versions prior to 2.1.9.
Update to version 2.1.9.