CVE-2006-1942

Summary

CVE	CVE-2006-1942
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-04-20 22:02:00 UTC
Updated	2018-10-18 16:37:00 UTC
Description	Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	K-meleon Project	K-meleon	0.9.13	All	All	All
Application	K-meleon Project	K-meleon	0.9.13	All	All	All
Application	Mozilla	Firefox	1.5.0.2	All	All	All
Application	Mozilla	Firefox	1.5.0.2	All	All	All
Application	Netscape	Navigator	7.2	All	All	All
Application	Netscape	Navigator	8.0.40	All	All	All
Application	Netscape	Navigator	8.1	All	All	All
Application	Netscape	Navigator	7.2	All	All	All
Application	Netscape	Navigator	8.0.40	All	All	All
Application	Netscape	Navigator	8.1	All	All	All

References

Reference	Source	Link	Tags
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Firefox "View Image" Local Resource Linking Weakness - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
334341 – [FIX]Using image tags with a non image file, and selected view image, file will still load up, allowing access to system resources	CONFIRM	bugzilla.mozilla.org
24713	OSVDB	www.osvdb.org
SecurityFocus	HP	www.securityfocus.com
Security Announcement	SUSE	www.novell.com
Debian update for mozilla-thunderbird - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
HP-UX update for firefox - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Bug 334341	MISC	www.gavinsharp.com	Patch
Firefox Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-1134-1 mozilla-thunderbird	DEBIAN	www.debian.org
SecurityTracker.com Archives - Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling	SECTRACK	securitytracker.com
Mozilla Suite "View Image" Local Resource Linking Weakness - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Debian -- Security Information -- DSA-1118-1 mozilla	DEBIAN	www.debian.org
SecurityFocus	BUGTRAQ	www.securityfocus.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Debian update for mozilla - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
Debian -- Security Information -- DSA-1120-1 mozilla-firefox	DEBIAN	www.debian.org
Debian update for mozilla-firefox - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities	BID	www.securityfocus.com
MFSA 2006-39: "View Image" local resource linking (Windows)	CONFIRM	www.mozilla.org	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
This domain name is registered with Netim	MISC	www.networksecurity.fi	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Netscape "View Image" Local Resource Linking Weakness - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.