CVE-2006-1942

2006-04-2022:02:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS

0.01

Percentile

83.6%

JSON

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an “alternate web page.”

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 1.5.dfsg+1.5.0.4-1firefox_1.5.dfsg+1.5.0.4-1_all.deb
Debian12allthunderbird< 1:115.12.0-1~deb12u1thunderbird_1:115.12.0-1~deb12u1_all.deb
Debian11allthunderbird< 1:115.12.0-1~deb11u1thunderbird_1:115.12.0-1~deb11u1_all.deb
Debian999allthunderbird< 1:128.2.1esr-1thunderbird_1:128.2.1esr-1_all.deb
Debian13allthunderbird< 1:128.2.0esr-1thunderbird_1:128.2.0esr-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	firefox	< 1.5.dfsg+1.5.0.4-1	firefox_1.5.dfsg+1.5.0.4-1_all.deb
Debian	12	all	thunderbird	< 1:115.12.0-1~deb12u1	thunderbird_1:115.12.0-1~deb12u1_all.deb
Debian	11	all	thunderbird	< 1:115.12.0-1~deb11u1	thunderbird_1:115.12.0-1~deb11u1_all.deb
Debian	999	all	thunderbird	< 1:128.2.1esr-1	thunderbird_1:128.2.1esr-1_all.deb
Debian	13	all	thunderbird	< 1:128.2.0esr-1	thunderbird_1:128.2.0esr-1_all.deb