SPI Dynamics examined a number of online and offline applications used to read RSS and Atom feeds. In many cases, any JavaScript code delivered on the feed would run on the user’s PC, meaning it could be vulnerable to attack…JavaScript is a scripting language that experts say is increasingly causing security concerns.

One wonders when news readers will start coming equipped with detection software. The article notes there are “non-vulnerable” readers, but doesn’t list them. Some that are vulnerable include Bloglines, RSS Reader, RSS Owl, Feed Demon and Sharp Reader.