PT-2006-2926 · Mozilla+4 · Firefox+4

Eric Foley · Published 2006-04-20 · Updated 2018-10-18 · CVE-2006-1942

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions 1.5.0.2 through 1.5.0.4
Netscape versions 7.2, 8.0.4, 8.1
K-Meleon version 0.9.13

Description

The issue allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL. This can trick the user into selecting View Image for the broken image, potentially launching external applications such as Windows Media Player, or referencing an alternate web page.

Recommendations

For Mozilla Firefox versions 1.5.0.2 through 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue.
For Netscape versions 7.2, 8.0.4, 8.1, consider disabling the IMG element or restricting access to non-image files to minimize the risk of exploitation until a patch is available.
For K-Meleon version 0.9.13, restrict access to the file:// protocol in the SRC attribute of the IMG element to prevent the opening of local files.

Fix

Related identifiers

CVE-2006-1942
DSA-1118
DSA-1120
DSA-1134-1
HPSBUX02153

Affected products

HP-UX
K-Meleon
Firefox
Netscape
Windows Media Player