- Description
- Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5.1
- Impact score
- 6.4
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:k-meleon_project:k-meleon:0.9.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9F05337-F4CB-4829-A086-1164CAC34BAA"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB"
},
{
"criteria": "cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "842CBD30-B4BA-4FCF-9152-9DBEBE59857C"
},
{
"criteria": "cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4877D2D7-139E-4582-B023-53E1E1E1D124"
},
{
"criteria": "cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D673003C-0491-4C94-8907-5E36BB5EB9AD"
}
],
"operator": "OR"
}
]
}
]