CVE-2006-4569 — Cross-site Scripting in Firefox

8 documents7 sources

Severity

2.6LOWNVD

EPSS

2.2%

top 15.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Debian Firefox Debian Thunderbird +1 more

Timeline

PublishedSep 15

Latest updateMay 1

Description

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages4 packages

▶NVDmozilla/firefox1.5.0.6

▶debiandebian/firefox< firefox 1.5.dfsg+1.5.0.7-1 (sid)

▶Debianmozilla/thunderbird< 1.5.0.7-1+3

▶debiandebian/thunderbird< firefox 1.5.dfsg+1.5.0.7-1 (sid)

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-9m24-j378-4w43: The popup blocker in Mozilla Firefox before 1↗2022-05-01

▶

OSV

CVE-2006-4569: The popup blocker in Mozilla Firefox before 1↗2006-09-15

▶

📋Vendor Advisories

Ubuntu

firefox vulnerabilities↗2006-09-23

▶

Red Hat

security flaw↗2006-09-15

▶

Debian

CVE-2006-4569: firefox - The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" d...↗2006

▶

💬Community

Bugzilla

CVE-2006-4569 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4340 Various Firefox security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4571)↗2006-09-14

▶