DescriptionMozilla Firefox 18.104.22.168 and possibly other versions before 22.214.171.124, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:035, published Fri, 23 Jun 2006 10:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 02:27:13 2013
CVE page last modified: Fri Oct 7 12:45:33 2022