Vulnerability Name: CVE-2006-1942 (CCN-25925)
Assigned: 2006-04-15
Published: 2006-04-15
Updated: 2018-10-18
Summary: Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: BugTraq Mailing List, Tue Apr 18 2006 - 09:38:34 CDT Another flaw in Firefox 1.5.0.2: to open files from remote
Source: MITRE Type: CNA CVE-2006-1942
Source: CCN Type: SA19698 Firefox "View Image" Local Resource Linking Weakness
Source: SECUNIA Type: Vendor Advisory 19698
Source: CCN Type: SA19988 Netscape "View Image" Local Resource Linking Weakness
Source: SECUNIA Type: Vendor Advisory 19988
Source: CCN Type: SA20063 Mozilla Suite "View Image" Local Resource Linking Weakness
Source: SECUNIA Type: Vendor Advisory 20063
Source: CCN Type: SA20376 Firefox Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 20376
Source: SECUNIA Type: Vendor Advisory 21176
Source: SECUNIA Type: Vendor Advisory 21183
Source: SECUNIA Type: Vendor Advisory 21324
Source: SECUNIA Type: Vendor Advisory 22066
Source: CCN Type: SECTRACK ID: 1016202 Mozilla Firefox Bugs Permit Arbitrary Code Execution, Cross-Site Scripting, and HTTP Response Smuggling
Source: SECTRACK Type: UNKNOWN 1016202
Source: CCN Type: ASA-2006-259 HP-UX Firefox Vulnerabilities
Source: CCN Type: ASA-2007-097 HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153)
Source: DEBIAN Type: UNKNOWN DSA-1118
Source: DEBIAN Type: UNKNOWN DSA-1120
Source: DEBIAN Type: UNKNOWN DSA-1134
Source: DEBIAN Type: DSA-1118 mozilla -- several vulnerabilities
Source: DEBIAN Type: DSA-1120 mozilla-firefox -- several vulnerabilities
Source: DEBIAN Type: DSA-1134 mozilla-thunderbird -- several vulnerabilities
Source: MISC Type: Patch http://www.gavinsharp.com/tmp/ImageVuln.html
Source: CCN Type: MFSA 2006-39 "View Image" local resource linking (Windows)
Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2006/mfsa2006-39.html
Source: MISC Type: Vendor Advisory http://www.networksecurity.fi/advisories/netscape-view-image.html
Source: SUSE Type: UNKNOWN SUSE-SA:2006:035
Source: OSVDB Type: UNKNOWN 24713
Source: CCN Type: OSVDB ID: 24713 Mozilla Firefox IMG Element Crafted file:// URL Arbitrary Local File Access
Source: CCN Type: OSVDB ID: 55359 Netscape IMG Element Crafted file:// URL Arbitrary Local File Access
Source: CCN Type: OSVDB ID: 55360 K-Meleon IMG Element Crafted file:// URL Arbitrary Local File Access
Source: BUGTRAQ Type: UNKNOWN 20060418 Another flaw in Firefox 1.5.0.2: to open files from remote
Source: BUGTRAQ Type: UNKNOWN 20060505 Firefox 1.5.0.3 code execution exploit
Source: BUGTRAQ Type: UNKNOWN 20060507 Re: Firefox 1.5.0.3 code execution exploit
Source: BUGTRAQ Type: UNKNOWN 20060602 rPSA-2006-0091-1 firefox thunderbird
Source: HP Type: UNKNOWN SSRT061181
Source: BID Type: UNKNOWN 18228
Source: CCN Type: BID-18228 Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
Source: VUPEN Type: Vendor Advisory ADV-2006-2106
Source: VUPEN Type: Vendor Advisory ADV-2006-3748
Source: VUPEN Type: Vendor Advisory ADV-2008-0083
Source: CCN Type: Mozilla Bugzilla Bug 334341 Using image tags with a non image file, and selected view image, file will still load up, allowing access to system resources
Source: CONFIRM Type: UNKNOWN https://bugzilla.mozilla.org/show_bug.cgi?id=334341
Source: XF Type: UNKNOWN firefox-viewimage-security-bypass(25925)
Source: SUSE Type: SUSE-SA:2006:035 Mozilla browser security problems
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable