CVE-2006-4569

NameCVE-2006-4569
DescriptionThe popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid63.0.3-1fixed
thunderbird (PTS)jessie1:52.8.0-1~deb8u1fixed
jessie (security)1:60.3.0-1~deb8u1fixed
stretch1:60.2.1-2~deb9u1fixed
stretch (security)1:60.3.0-1~deb9u1fixed
buster, sid1:60.3.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg+1.5.0.7-1low
mozilla-firefoxsourcesarge(not affected)
thunderbirdsource(unstable)1.5.0.7-1low
xulrunnersource(unstable)1.8.0.7-1low

Notes

MFSA-2006-62
[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
Search for package or bug name: Reporting problems