Lucene search

PRIOn knowledge basePRION:CVE-2006-1942

HistoryApr 20, 2006 - 10:02 p.m.

Design/Logic Flaw

2006-04-2022:02:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an “alternate web page.”

CPENameOperatorVersion
k-meleoneq0.9.13
firefoxeq1.5.0.2
navigatoreq8.1
navigatoreq8.0.40
navigatoreq7.2

Name	Operator	Version
k-meleon	eq	0.9.13
firefox	eq	1.5.0.2
navigator	eq	8.1
navigator	eq	8.0.40
navigator	eq	7.2

References

secunia.com/advisories/19698

secunia.com/advisories/19988

secunia.com/advisories/20063

secunia.com/advisories/20376

secunia.com/advisories/21176

secunia.com/advisories/21183

secunia.com/advisories/21324

secunia.com/advisories/22066

securitytracker.com/id?1016202

www.debian.org/security/2006/dsa-1118

www.debian.org/security/2006/dsa-1120

www.debian.org/security/2006/dsa-1134

www.gavinsharp.com/tmp/ImageVuln.html

www.mozilla.org/security/announce/2006/mfsa2006-39.html

www.networksecurity.fi/advisories/netscape-view-image.html

www.novell.com/linux/security/advisories/2006_35_mozilla.html

www.osvdb.org/24713

www.securityfocus.com/archive/1/431267/100/0/threaded

www.securityfocus.com/archive/1/433138/100/0/threaded

www.securityfocus.com/archive/1/433539/30/5070/threaded

www.securityfocus.com/archive/1/435795/100/0/threaded

www.securityfocus.com/archive/1/446658/100/200/threaded

www.securityfocus.com/bid/18228

www.vupen.com/english/advisories/2006/2106

www.vupen.com/english/advisories/2006/3748

www.vupen.com/english/advisories/2008/0083

bugzilla.mozilla.org/show_bug.cgi?id=334341

exchange.xforce.ibmcloud.com/vulnerabilities/25925

6.5 Medium

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for PRION:CVE-2006-1942