cbcvebase.
CVE-2006-1942
published 2006-04-20

CVE-2006-1942: Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to…

PriorityP416medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
2.54%
83.0th percentile
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

Affected

7 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 1.5.dfsg+1.5.0.4-1 (sid)firefox 1.5.dfsg+1.5.0.4-1 (sid)
debianthunderbird< firefox 1.5.dfsg+1.5.0.4-1 (sid)firefox 1.5.dfsg+1.5.0.4-1 (sid)
k-meleon_projectk-meleon
mozillafirefox
netscapenavigator
netscapenavigator
netscapenavigator

CVSS provenance

nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_debian5.1LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.