CVE-2006-1942Project K-meleon vulnerability

4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
2.9%
top 13.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
K-meleon Project K-meleonMozilla FirefoxNetscape Navigator
Timeline
PublishedApr 20
Latest updateMay 1

Description

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

NVDmozilla/firefox1.5.0.2
NVDnetscape/navigator7.2, 8.0.40, 8.1+2

Patches

Patch: www.gavinsharp.comPatch: www.gavinsharp.com

🔴Vulnerability Details

2
GHSA
GHSA-xp4w-9xx2-8w32: Mozilla Firefox 12022-05-01
CVEList
CVE-2006-1942: Mozilla Firefox 12006-04-20

📋Vendor Advisories

1
Debian
CVE-2006-1942: firefox - Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1...2006
CVE-2006-1942 — K-meleon Project K-meleon vulnerability | cvebase