CVE-2006-4568

Publication date 15 September 2006

Last updated 24 July 2024


Ubuntu priority

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

Status

Package Ubuntu Release Status
firefox 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
firefox-granparadiso 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
lightning-sunbird 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
midbrowser 7.04 feisty Not in release
6.10 edgy Not in release
6.06 LTS dapper Not in release
xulrunner 7.04 feisty
Fixed 1.8.0.10-3ubuntu1
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-351-1
    • firefox vulnerabilities
    • 23 September 2006
    • USN-361-1
    • Mozilla vulnerabilities
    • 10 October 2006

Other references