CVE-2006-1942

Description

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

5.1

CVSS

Severity: Medium

CVSS 2.0 •

EPSS 2.94% Top 15%

Vendor Advisory securityfocus.com Vendor Advisory debian.org Vendor Advisory debian.org Vendor Advisory debian.org Vendor Advisory novell.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory secunia.com Vendor Advisory mozilla.org Vendor Advisory networksecurity.fi Vendor Advisory vupen.com Vendor Advisory vupen.com Vendor Advisory vupen.com

Affected: n/a n/a

References

Link	Tags
http://secunia.com/advisories/21176	third party advisory vendor advisory
http://www.vupen.com/english/advisories/2006/3748	vdb entry vendor advisory
http://www.osvdb.org/24713	vdb entry
http://secunia.com/advisories/19698	third party advisory vendor advisory
http://www.securityfocus.com/archive/1/431267/100/0/threaded	mailing list
http://secunia.com/advisories/20063	third party advisory vendor advisory
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html	vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25925	vdb entry
http://www.securityfocus.com/archive/1/433138/100/0/threaded	mailing list
http://www.networksecurity.fi/advisories/netscape-view-image.html	vendor advisory
http://www.securityfocus.com/archive/1/435795/100/0/threaded	mailing list
http://secunia.com/advisories/20376	third party advisory vendor advisory
http://securitytracker.com/id?1016202	vdb entry
http://www.securityfocus.com/bid/18228	vdb entry
http://www.vupen.com/english/advisories/2008/0083	vdb entry vendor advisory
http://www.securityfocus.com/archive/1/446658/100/200/threaded	vendor advisory
http://www.debian.org/security/2006/dsa-1118	vendor advisory
http://www.debian.org/security/2006/dsa-1120	vendor advisory
http://secunia.com/advisories/19988	third party advisory vendor advisory
http://www.gavinsharp.com/tmp/ImageVuln.html	patch
http://www.debian.org/security/2006/dsa-1134	vendor advisory
http://secunia.com/advisories/21324	third party advisory vendor advisory
http://secunia.com/advisories/21183	third party advisory vendor advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=334341
http://secunia.com/advisories/22066	third party advisory vendor advisory
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html	vendor advisory
http://www.vupen.com/english/advisories/2006/2106	vdb entry vendor advisory
http://www.securityfocus.com/archive/1/433539/30/5070/threaded	mailing list

Frequently Asked Questions

What is the severity of CVE-2006-1942?: CVE-2006-1942 has been scored as a medium severity vulnerability.
How to fix CVE-2006-1942?: To fix CVE-2006-1942, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2006-1942 being actively exploited in the wild?: It is possible that CVE-2006-1942 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~3% probability that this vulnerability will be exploited by malicious actors in the next 30 days.