First published: Thu Apr 20 2006(Updated: )
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Netscape Navigator | =8.1 | |
Netscape Navigator | =8.0.40 | |
Netscape Navigator | =7.2 | |
Mozilla Firefox | =1.5.0.2 | |
K-meleon Project K-meleon | =0.9.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.