Diigo is "a social bookmarking and sharing application which allows users to see other users comments and notes for every website. For this feature users should use Diigolet bookmarklet or Diigo Toolbar. These are almost mandatory to use Diigo and almost all Diigo members have them installed". Two security vulnerabilities have been discovered in Diigo Toolbar, one of these vulnerabilities allows a remote attackers to insert arbitrary Javascript into the context of the Diigo Toolbar, which will continue on being executed even if the user leaves the attacker's web site, while the other allows leakage of sensitive information between unrelated websites.

http://www.securiteam.com/windowsntf...UP0M15OKE.html