CVE-2006-4569

Description

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

How to fix CVE-2006-4569

To remediate CVE-2006-4569, upgrade the affected package to a fixed version below.

• Debian/thunderbird—upgrade to 1.5.0.7-1 or later

Is CVE-2006-4569 being exploited?

Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.5.0.7-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4569