-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FLOCK-SA-2010-02
http://flock.com/security/
Title: A malicious RSS feed can bypass cross origin
protection (XSS)
Impact: High
Announced on: 2010-09-09
Affected Products: Flock 3 versions prior to 3.0.0.4114
CVEs (cve.mitre.org): CVE-2010-3262
Details:
A malicious RSS feed containg HTML when viewed can bypass cross-origin
protection, which has unspecified impact and remote attack vectors.
Credit to Lostmon Lords.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJMj6q3AAoJEPzFtDWO6ceqkPAP/j9BUp9li9rkawCZORqbEqml
Gl5gH3TRwhCk8QeDWV6swj+0xiAcep0Pn5sDHaIdQMe9sbVNCBaOy/Iq09hRdTAe
Ps4Kpcepmbmxce3zvxbii6DZLFSnoG51/HbmY5X95PkntJU+nsWs+Bu3hgv16/9k
NE0yglFCUl5ssmPVz7U0RpnVVimthSWhF/6hj4sDgYvAvs0fbOSFFH+BUDZIb1H2
X/Vf9/qs/gmqt+BvciDabCxaUi2IdjJdpeW1hUYxiPKnViC4iT+5m4VYcFR+3TYA
PqgYw4KGjPlRXOJnQM8gnAyEiAcRhYfpgowToqUB6fdwk3zAS2c04sm8QALL0j/x
n9T48b6fIlDii8JJ2OkjvXooHAHQ7yZ66TWvS1UvzFnsudrQMhPTGkryhCplqsy5
8fM2wXFBQMpC8xgPjBlqF1I5qtsy4U1RMbvIReegONT9Nd/b0gunzb8IR5lRRC/U
kkJljskcggOAaUH44o3OcmNX8y42DlRzJHVH/G11p6c3izs1wObBKkPZ9y1TThT/
msONMu8//+qFXpR2LVF+GVfWVDI4b3qyQjVvvkeSqxuWL9UipIEYy468QC2YSK/o
wSofb2/r5L9uUkq/J6pVR1wcJfZp7sH08HEwNdaSsvcRea3myO3khxDRQkwmtdeE
lP4hH+lWEHgBMBZr0mXn
=qld4
-----END PGP SIGNATURE-----