Mozilla · Firefox · CVE-2006-1942
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions 1.5.0.2 through 1.5.0.4
Netscape versions 7.2, 8.0.4, 8.1
K-Meleon version 0.9.13
**Description**
The issue allows user-assisted remote attackers to open local files via a web page with an `IMG` element whose `SRC` attribute is a non-image `file://` URL. The attacker then tricks the user into selecting View Image for the broken image, which can launch external applications such as Windows Media Player or reference an alternate web page.
**Recommendations**
For Mozilla Firefox versions 1.5.0.2 through 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue.
For Netscape versions 7.2, 8.0.4, 8.1, consider disabling the `IMG` element or restricting access to non-image files to minimize the risk of exploitation until a patch is available.
For K-Meleon version 0.9.13, restrict access to the `file://` protocol in the `SRC` attribute of the `IMG` element to prevent the opening of local files.
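A content filter or page audit can flag the pattern described above before it reaches an affected browser. The following is an added example, not part of the original advisory or any vendor fix; the function names, the image-extension allowlist and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit
import posixpath

# Assumption: extensions treated as real images; adjust for your environment.
IMAGE_EXTS = {".png", ".gif", ".jpg", ".jpeg", ".bmp", ".ico"}

def is_non_image_file_url(src):
    """True if src is a file: URL whose path does not end in an image extension."""
    # Browsers ignore surrounding whitespace and embedded tabs/newlines in URLs.
    cleaned = "".join(ch for ch in src.strip() if ch not in "\t\r\n")
    try:
        parts = urlsplit(cleaned)  # scheme is returned lowercased
    except ValueError:
        return cleaned.lower().startswith("file:")  # unparseable: flag if file:
    if parts.scheme != "file":
        return False
    # Decode %XX first so an encoded dot cannot hide the real extension.
    ext = posixpath.splitext(unquote(parts.path))[1].lower()
    return ext not in IMAGE_EXTS

class FileImgFinder(HTMLParser):
    """Collects (line, src) for IMG tags with a non-image file: SRC."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities in values.
        if tag != "img":
            return
        for name, value in attrs:
            if name == "src" and value and is_non_image_file_url(value):
                self.findings.append((self.getpos()[0], value.strip()))

def scan_html(html):
    finder = FileImgFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from the advisory.
SAMPLE = """<html><body>
<img src="https://example.test/logo.png">
<IMG SRC="file:///C:/docs/notes.txt">
<img src="file:///C:/pics/photo.JPG">
<img src=" FILE:///C:/docs/page%2Ehtml ">
</body></html>"""

if __name__ == "__main__":
    for line, src in scan_html(SAMPLE):
        print(f"line {line}: IMG SRC points at non-image local file: {src}")
```

The extension check is a heuristic: it flags `file://` image sources that do not look like images, and a stricter policy is to reject every `file://` source in remotely served pages.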