Mozilla Firefox 1.5.0.2 and possibly other versions prior to 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote malicious users to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
k-meleon project k-meleon 0.9.13 |
||
mozilla firefox 1.5.0.2 |
||
netscape navigator 7.2 |
||
netscape navigator 8.0.40 |
||
netscape navigator 8.1 |