Right, I have patched two different versions of Wizz RSS. Hopefully these versions are now vulnerability safe, but I’m not going to guarantee that! Version 3.1.0.5 is a for those who are still using Firefox 3.5.n, and version 3.2.0.0 is a beta for those who are using Firefox 3.6b1 or later. Before installing either...

Read more »

Last night, and again this morning, I spent a few hours trying to implement nsIScriptableUnescapeHTML.parseFragment() in the Wizz RSS code. According to Wladimir Palant, nsIScriptableUnescapeHTML.parseFragment() should be used for Displaying web content in an extension – without security issues. It’s also obvious that other Firefox “security experts” – i.e. Jorge Villalobos – agree with...

Read more »

I have received a few emails asking how to turn off the irritating “Please uninstall Wizz RSS” page. I’m sorry to say that there isn’t much you can do to turn it off, unless you uninstall or dive into the Wizz RSS code. I know for a fact that many people ignore warnings that...

Read more »

With the number of emails I’ve been receiving, I thought I should offer an explanation as to why Wizz RSS is being shutdown. There has been an ongoing security issue with regard to the Wizz RSS code. The problem was first reported by Wladimir Palant in December 2008, and a Security Vulnerability Report was...

Read more »

A few minor changes were necessary to get Wizz RSS working with Firefox 3.6b1 – As usual it was the Places stuff that changed (long deep sigh). Anyway, once again I’m asking Wizz RSS users to test 3.2.0.0 on Firefox 3.6b1. I’m pretty sure that my request to test will, as is usually the...

Read more »