FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4568

This CVE name corresponds to:

Entered Topic
2006-09-15 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-4568 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-4568
Phase Assigned(20060906)

Description

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

References

Source Reference
BUGTRAQ 20060915 rPSA-2006-0169-1 firefox thunderbird
CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
CONFIRM https://issues.rpath.com/browse/RPL-640
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=343168
DEBIAN DSA-1191
DEBIAN DSA-1192
DEBIAN DSA-1210
GENTOO GLSA-200609-19
GENTOO GLSA-200610-04
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2006:168
REDHAT RHSA-2006:0676
REDHAT RHSA-2006:0675
SGI 20060901-01-P
SUSE SUSE-SA:2006:054
UBUNTU USN-351-1
UBUNTU USN-354-1
UBUNTU USN-361-1
BID 20042
OVAL oval:org.mitre.oval:def:9843
VUPEN ADV-2006-3617
VUPEN ADV-2007-1198
VUPEN ADV-2006-3748
VUPEN ADV-2008-0083
SECTRACK 1016855
SECTRACK 1016856
SECUNIA 21906
SECUNIA 21949
SECUNIA 21915
SECUNIA 21940
SECUNIA 21950
SECUNIA 22036
SECUNIA 22001
SECUNIA 22025
SECUNIA 22210
SECUNIA 22247
SECUNIA 22299
SECUNIA 22342
SECUNIA 22391
SECUNIA 22422
SECUNIA 22849
SECUNIA 22056
SECUNIA 22195
SECUNIA 24711
SECUNIA 22066
XF mozilla-documentopen-frame-spoofing(28961)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.