Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-1942
Last Modified 07 Mar 2011 12:00:00
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1942

Summary

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

Vulnerable Systems

Application

  • K-meleon Project K-meleon 0.9.13

  • Mozilla Firefox 1.5.0.2

  • Netscape Navigator 7.2

  • Netscape Navigator 8.0.40

  • Netscape Navigator 8.1


References

MISC - http://www.gavinsharp.com/tmp/ImageVuln.html

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=334341

XF - firefox-viewimage-security-bypass(25925)

VUPEN - ADV-2008-0083

VUPEN - ADV-2006-3748

VUPEN - ADV-2006-2106

BID - 18228

HP - SSRT061181

BUGTRAQ - 20060602 rPSA-2006-0091-1 firefox thunderbird

BUGTRAQ - 20060507 Re: Firefox 1.5.0.3 code execution exploit

BUGTRAQ - 20060505 Firefox 1.5.0.3 code execution exploit

BUGTRAQ - 20060418 Another flaw in Firefox 1.5.0.2: to open files from remote

OSVDB - 24713

SUSE - SUSE-SA:2006:035

MISC - http://www.networksecurity.fi/advisories/netscape-view-image.html

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-39.html

DEBIAN - DSA-1134

DEBIAN - DSA-1120

DEBIAN - DSA-1118

SECTRACK - 1016202

SECUNIA - 22066

SECUNIA - 21324

SECUNIA - 21183

SECUNIA - 21176

SECUNIA - 20376

SECUNIA - 20063

SECUNIA - 19988

SECUNIA - 19698

HP - HPSBUX02153


Last Updated: 27 May 2016 10:42:35