Vulnerability Details : CVE-2006-4569
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2006-4569
Probability of exploitation activity in the next 30 days: 5.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-4569
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.6
|
LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
4.9
|
2.9
|
NIST |
References for CVE-2006-4569
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
- http://www.securityfocus.com/archive/1/446140/100/0/threaded
- http://www.ubuntu.com/usn/usn-354-1
-
http://www.vupen.com/english/advisories/2008/0083
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://www.ubuntu.com/usn/usn-351-1
- http://www.redhat.com/support/errata/RHSA-2006-0675.html
- http://security.gentoo.org/glsa/glsa-200609-19.xml
-
http://www.mozilla.org/security/announce/2006/mfsa2006-62.html
Vendor Advisory
- http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650
-
http://securitytracker.com/id?1016849
- https://issues.rpath.com/browse/RPL-640
- http://www.securityfocus.com/bid/20042
- http://www.vupen.com/english/advisories/2006/3748
- http://www.vupen.com/english/advisories/2007/1198
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28957
- http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
Products affected by CVE-2006-4569
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*