Vulnerability Name:

CVE-2006-4569 (CCN-28957)

Assigned:2006-09-15
Published:2006-09-15
Updated:2018-10-17
Summary:The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-4569

Source: CCN
Type: RHSA-2006-0675
firefox security update

Source: SECUNIA
Type: Patch, Vendor Advisory
21949

Source: SECUNIA
Type: UNKNOWN
21950

Source: SECUNIA
Type: UNKNOWN
22001

Source: SECUNIA
Type: UNKNOWN
22025

Source: SECUNIA
Type: UNKNOWN
22056

Source: SECUNIA
Type: UNKNOWN
22066

Source: SECUNIA
Type: UNKNOWN
22195

Source: SECUNIA
Type: UNKNOWN
22210

Source: CCN
Type: SA22422
Avaya Products Firefox Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22422

Source: CCN
Type: SA24711
Netscape Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
24711

Source: GENTOO
Type: UNKNOWN
GLSA-200609-19

Source: CCN
Type: SECTRACK ID: 1016849
Mozilla Firefox Input Validation Flaw in Popup Blocking Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1016849

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

Source: CCN
Type: ASA-2006-224
firefox security update (RHSA-2006-0675)

Source: CCN
Type: ASA-2007-097
HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)

Source: CCN
Type: GLSA-200609-19
Mozilla Firefox: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:168

Source: CCN
Type: MFSA 2006-62
Popup-blocker cross-site scripting (XSS)

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:054

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0675

Source: BUGTRAQ
Type: UNKNOWN
20060915 rPSA-2006-0169-1 firefox thunderbird

Source: BID
Type: UNKNOWN
20042

Source: CCN
Type: BID-20042
Mozilla Firefox/Thunderbird/Seamonkey Multiple Remote Vulnerabilities

Source: CCN
Type: USN-351-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-351-1

Source: CCN
Type: USN-354-1
Firefox vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-354-1

Source: VUPEN
Type: UNKNOWN
ADV-2006-3748

Source: VUPEN
Type: UNKNOWN
ADV-2007-1198

Source: VUPEN
Type: UNKNOWN
ADV-2008-0083

Source: HP
Type: UNKNOWN
SSRT061181

Source: XF
Type: UNKNOWN
firefox-popup-blocker-xss(28957)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-640

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10650

Source: SUSE
Type: SUSE-SA:2006:054
Mozilla Firefox security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 1.5.0.6)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20064569 | V | CVE-2006-4569 | 2015-11-16
    oval:org.mitre.oval:def:10650 | V | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. | 2013-04-29
    oval:com.redhat.rhsa:def:20060675 | P | RHSA-2006:0675: firefox security update (Critical) | 2006-09-15
    mozilla firefox *
    mozilla firefox 1.5 beta1
    mozilla firefox 1.5
    mozilla firefox 1.5.0.2
    mozilla firefox 1.5.0.3
    mozilla firefox 1.5.0.4
    mozilla firefox 1.5.0.6
    mozilla firefox 1.5.0.1
    mozilla firefox 1.5.0.5
    mozilla firefox 1.5 beta2
    gentoo linux *
    redhat enterprise linux 3
    suse suse linux 9.2
    redhat enterprise linux 2.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    suse suse linux 10.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3