CVE-2006-4569: XSS
First published: Fri Sep 15 2006(Updated: )
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <=1.5.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
- http://secunia.com/advisories/21949
- http://www.redhat.com/support/errata/RHSA-2006-0675.html
- http://www.securityfocus.com/bid/20042
- http://securitytracker.com/id?1016849
- http://secunia.com/advisories/21950
- http://secunia.com/advisories/22001
- http://security.gentoo.org/glsa/glsa-200609-19.xml
- http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
- http://www.ubuntu.com/usn/usn-351-1
- http://www.ubuntu.com/usn/usn-354-1
- http://secunia.com/advisories/22025
- http://secunia.com/advisories/22210
- http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
- http://secunia.com/advisories/22422
- http://secunia.com/advisories/22056
- http://secunia.com/advisories/22195
- https://issues.rpath.com/browse/RPL-640
- http://secunia.com/advisories/24711
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
- http://secunia.com/advisories/22066
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2006/3748
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
- http://www.vupen.com/english/advisories/2007/1198
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28957
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650
- http://www.securityfocus.com/archive/1/446140/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-4569?
CVE-2006-4569 is considered a medium severity vulnerability affecting older versions of Mozilla Firefox.
How do I fix CVE-2006-4569?
To mitigate CVE-2006-4569, upgrade to Mozilla Firefox version 1.5.0.7 or later.
What type of attack does CVE-2006-4569 allow?
CVE-2006-4569 could potentially allow attackers to conduct cross-site scripting (XSS) attacks.
Which versions of Mozilla Firefox are affected by CVE-2006-4569?
CVE-2006-4569 affects Mozilla Firefox versions prior to 1.5.0.7.
What is the impact of exploiting CVE-2006-4569?
Exploitation of CVE-2006-4569 may lead to unauthorized actions being taken in the context of the user's session.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/mozilla
- canonical/firefox
- version/firefox/1.5.0.6