VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 20, 2006· Updated Apr 16, 2026

CVE-2006-1942

CVE-2006-1942

Description

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

Affected products

5
  • K Meleon Project/K Meleon
    cpe:2.3:a:k-meleon_project:k-meleon:0.9.13:*:*:*:*:*:*:*
  • Mozilla Corporation/Firefox
    cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • Netscape/Navigator3 versions
    cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

28

News mentions

0

No linked articles in our index yet.