ID CVE-2006-1942
Summary Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
References
Vulnerable Configurations
  • cpe:2.3:a:k-meleon_project:k-meleon:0.9.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 18-10-2018 - 16:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 18228
bugtraq
  • 20060418 Another flaw in Firefox 1.5.0.2: to open files from remote
  • 20060505 Firefox 1.5.0.3 code execution exploit
  • 20060507 Re: Firefox 1.5.0.3 code execution exploit
  • 20060602 rPSA-2006-0091-1 firefox thunderbird
confirm
debian
  • DSA-1118
  • DSA-1120
  • DSA-1134
hp
  • HPSBUX02153
  • SSRT061181
misc
osvdb 24713
sectrack 1016202
secunia
  • 19698
  • 19988
  • 20063
  • 20376
  • 21176
  • 21183
  • 21324
  • 22066
suse SUSE-SA:2006:035
vupen
  • ADV-2006-2106
  • ADV-2006-3748
  • ADV-2008-0083
xf firefox-viewimage-security-bypass(25925)
Last major update 18-10-2018 - 16:37
Published 20-04-2006 - 22:02
Last modified 18-10-2018 - 16:37