CVE-2006-4568

Publication date 15 September 2006

Last updated 17 July 2025

Ubuntu priority

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1
firefox-granparadiso	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
lightning-sunbird	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
midbrowser	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
xulrunner	7.04 feisty	Fixed 1.8.0.10-3ubuntu1
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-351-1
firefox vulnerabilities
23 September 2006

USN-361-1
Mozilla vulnerabilities
10 October 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-4568