CVE-2006-4569

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21949	Patch Vendor Advisory
http://secunia.com/advisories/21950
http://secunia.com/advisories/22001
http://secunia.com/advisories/22025
http://secunia.com/advisories/22056
http://secunia.com/advisories/22066
http://secunia.com/advisories/22195
http://secunia.com/advisories/22210
http://secunia.com/advisories/22422
http://secunia.com/advisories/24711
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://securitytracker.com/id?1016849
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://www.securityfocus.com/archive/1/446140/100/0/threaded
http://www.securityfocus.com/bid/20042
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-354-1
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
https://exchange.xforce.ibmcloud.com/vulnerabilities/28957
https://issues.rpath.com/browse/RPL-640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-15 19:07

Updated : 2018-10-17 21:37

NVD link : CVE-2006-4569

Mitre link : CVE-2006-4569

CVE.ORG link : CVE-2006-4569

JSON object : View

Products Affected

mozilla

firefox

CWE

NVD-CWE-Other

{"id": "CVE-2006-4569", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-09-15T19:07:00.000", "references": [{"url": "http://secunia.com/advisories/21949", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/21950", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22001", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22025", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22056", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22066", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22195", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22210", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/22422", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24711", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200609-19.xml", "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1016849", "source": "secalert@redhat.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168", "source": "secalert@redhat.com"}, {"url": "http://www.mozilla.org/security/announce/2006/mfsa2006-62.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/20042", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-351-1", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-354-1", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3748", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1198", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2008/0083", "source": "secalert@redhat.com"}, {"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28957", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-640", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The popup blocker in Mozilla Firefox before 1.5.0.7 opens the \"blocked popups\" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks."}, {"lang": "es", "value": "El bloqueador de ventanas emergentes de Mozilla Firefox anterior a 1.5.0.7 abre las \"vetanas emergentes bloqueadas\" mostrando el contexto de la barra de localizaci\u00f3n en vez del subframe en el cual el popup se origin\u00f3, que puede hacer m\u00e1s f\u00e1cil para que atacantes remotos con la complicidad del usuario conduzcan a ataques de secuencias de comandos en sitios cruzados(XSS)."}], "lastModified": "2018-10-17T21:37:59.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "553BE4FA-523B-4AED-90D4-6FFCFD91E4F8", "versionEndIncluding": "1.5.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}