CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
83.6%
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4,
Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted
remote attackers to open local files via a web page with an IMG element
containing a SRC attribute with a non-image file:// URL, then tricking the
user into selecting View Image for the broken image, as demonstrated using
a .wma file to launch Windows Media Player, or by referencing an “alternate
web page.”