CVE-2006-1942
Title: Mozilla Firefox
Other
Proof Of Concept
No public PoC currently indexed for CVE-2006-1942.
CWE Category
NVD-CWE-noinfo
Published Date
Apr 20, 2006
Modified Date
Apr 03, 2025
Exploit Status
Not Found
Score
5.1
CVSS v2.0
Exploit Probability (EPSS)
2.94%
Vulnerability Summary
CVE-2006-1942: Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
Impacted Vendors
Reference Links
http://secunia.com/advisories/19698
http://secunia.com/advisories/19988
http://secunia.com/advisories/20063
http://secunia.com/advisories/20376
http://secunia.com/advisories/21176
http://secunia.com/advisories/21183
http://secunia.com/advisories/21324
http://secunia.com/advisories/22066
http://securitytracker.com/id?1016202
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.gavinsharp.com/tmp/ImageVuln.html
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
http://www.networksecurity.fi/advisories/netscape-view-image.html
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.osvdb.org/24713
http://www.securityfocus.com/archive/1/431267/100/0/threaded
http://www.securityfocus.com/archive/1/433138/100/0/threaded
http://www.securityfocus.com/archive/1/433539/30/5070/threaded
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
https://bugzilla.mozilla.org/show_bug.cgi?id=334341
https://exchange.xforce.ibmcloud.com/vulnerabilities/25925
http://secunia.com/advisories/19698
http://secunia.com/advisories/19988
http://secunia.com/advisories/20063
http://secunia.com/advisories/20376
http://secunia.com/advisories/21176
http://secunia.com/advisories/21183
http://secunia.com/advisories/21324
http://secunia.com/advisories/22066
http://securitytracker.com/id?1016202
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.gavinsharp.com/tmp/ImageVuln.html
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
http://www.networksecurity.fi/advisories/netscape-view-image.html
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.osvdb.org/24713
http://www.securityfocus.com/archive/1/431267/100/0/threaded
http://www.securityfocus.com/archive/1/433138/100/0/threaded
http://www.securityfocus.com/archive/1/433539/30/5070/threaded
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.vupen.com/english/advisories/2006/2106
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
https://bugzilla.mozilla.org/show_bug.cgi?id=334341
https://exchange.xforce.ibmcloud.com/vulnerabilities/25925
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
5.1
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:H/Au:N/C:P/I:P/A:P
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2006-1942 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:H/Au:N/C:P/I:P/A:P
Affected Stack
No specific products linked.