This repository was archived by the owner on May 8, 2019. It is now read-only.

Internal browser on Linux (XULRunner) has many known security issues #7

Open
@genodeftest


On Linux (and maybe on Mac OS X) RSSOwl is using XULRunner 1.9.2.

There are many (probably several hundred) known security bugs in XULRunner, which includes most security bugs of Firefox since XULRunner 1.9.2 has seen its last release. To get a vague image of the number of bugs, have a look at the CVE database and compare it to the release date of XULRunner 1.9.2 3.6.26, January 31st, 2012. Running XULRunner is not supported by Mozilla any more (Source 1, Source 2). This issue can only be fixed by updating to the latest versions of SWT (4.6+) and thus Eclipse platform 4.6+ immediately, because only those are using WebKitGtk+ version 2, which still gets security bug fixes.

Updating to just using WebKitGtk+ 1.x with SWT 4.x won't fix this issue, since WebKitGtk+ is also old and contains hundreds of known security bugs too and will never be fixed completely because of maintenance burden. WebKitGtk+ 2 support on SWT / Eclipse platform 4.6 works, but it is far from being perfect. Release 4.7 of SWT / Eclipse platform should fix the remaining issues.

This issue does not affect Windows builds (I think so at least) since they use the Internet Explorer web rendering engine by default. There might be a similar issue on Windows too.
