CVE-2006-4569: XSS
First published: Fri Sep 15 2006(Updated: )
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=1.5.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
- http://secunia.com/advisories/21949
- http://www.redhat.com/support/errata/RHSA-2006-0675.html
- http://www.securityfocus.com/bid/20042
- http://securitytracker.com/id?1016849
- http://secunia.com/advisories/21950
- http://secunia.com/advisories/22001
- http://security.gentoo.org/glsa/glsa-200609-19.xml
- http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
- http://www.ubuntu.com/usn/usn-351-1
- http://www.ubuntu.com/usn/usn-354-1
- http://secunia.com/advisories/22025
- http://secunia.com/advisories/22210
- http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
- http://secunia.com/advisories/22422
- http://secunia.com/advisories/22056
- http://secunia.com/advisories/22195
- https://issues.rpath.com/browse/RPL-640
- http://secunia.com/advisories/24711
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
- http://secunia.com/advisories/22066
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2006/3748
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
- http://www.vupen.com/english/advisories/2007/1198
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28957
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650
- http://www.securityfocus.com/archive/1/446140/100/0/threaded
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/1.5.0.6