It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via “View -> Feed article -> Website” or in the standard format of “View -> Feed article -> default format”.
Acknowledgments: Name: the Mozilla project Upstream: cure53
External References: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2018:0061 https://access.redhat.com/errata/RHSA-2018:0061