Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T17:27:29.865Z

Reserved: 2006-04-20T00:00:00

Link: CVE-2006-1942

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2006-04-20T22:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1942

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.