CVE-2006-1942 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1942
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1942

Description: Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25925 SUSE http://www.novell.com/linux/security/advisories/2006_35_mozilla.html ST 1016202 SAID Secunia Advisory: SA21176 Secunia Advisory: SA21183 Secunia Advisory: SA20376 Secunia Advisory: SA19988 Secunia Advisory: SA19698 Secunia Advisory: SA21324 Secunia Advisory: SA20063 Secunia Advisory: SA22066 OSVDB 24713 MISC http://www.gavinsharp.com/tmp/ImageVuln.html http://www.networksecurity.fi/advisories/netscape-view-image.html HP http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded DEBIAN http://www.debian.org/security/2006/dsa-1120 http://www.debian.org/security/2006/dsa-1134 http://www.debian.org/security/2006/dsa-1118 CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-39.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/433539/30/5070/threaded http://www.securityfocus.com/archive/1/archive/1/433138/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/431267/100/0/threaded BID 18228

Return to the previous page.