| Name | CVE-2006-4569 |
| Description | The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| NVD severity | low (attack range: remote) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| firefox (PTS) | sid | 68.0.2-3 | fixed |
| thunderbird (PTS) | jessie | 1:52.8.0-1~deb8u1 | fixed |
| jessie (security) | 1:60.8.0-1~deb8u1 | fixed | |
| stretch | 1:60.6.1-1~deb9u1 | fixed | |
| stretch (security) | 1:60.8.0-1~deb9u1 | fixed | |
| buster | 1:60.7.2-1 | fixed | |
| buster (security) | 1:60.8.0-1~deb10u1 | fixed | |
| bullseye | 1:60.8.0-1 | fixed | |
| sid | 1:60.8.0-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firefox | source | (unstable) | 1.5.dfsg+1.5.0.7-1 | low | ||
| mozilla-firefox | source | sarge | (not affected) | |||
| thunderbird | source | (unstable) | 1.5.0.7-1 | low | ||
| xulrunner | source | (unstable) | 1.8.0.7-1 | low |
MFSA-2006-62
[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)