CVE-2006-1942

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

Published: 2006-04-20 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-1942 is rated Moderate Risk (49/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.54%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-1942

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 2.94% 2.54% -0.40%
2 2025-05-14 1.93% 2.94% +1.01%
3 2025-03-30 1.93%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-1942

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.1 2.0 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:H)
Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 4.9 6.4 [email protected]

Weakness enumeration for CVE-2006-1942

OS Trackers for CVE-2006-1942

vendor priority summary link
debian low CVE-2006-1942 low priority: Debian including 2 source packages (firefox, thunderbird), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. https://security-tracker.debian.org/tracker/CVE-2006-1942
ubuntu medium CVE-2006-1942 medium priority: Ubuntu including 1 source packages (mozilla-thunderbird), 4 status rows across 4 suites (dapper, edgy, feisty, upstream): not-affected 2, ignored 1, needs-triage 1. https://ubuntu.com/security/CVE-2006-1942

Affected software / configurations for CVE-2006-1942

Vendor Product Version Raw CPE
k-meleon_project k-meleon 0.9.13 cpe:2.3:a:k-meleon_project:k-meleon:0.9.13:*:*:*:*:*:*:*
mozilla firefox 1.5.0.2 cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
netscape navigator 7.2 cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*
netscape navigator 8.0.40 cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*
netscape navigator 8.1 cpe:2.3:a:netscape:navigator:8.1:*:*:*:*:*:*:*

References for CVE-2006-1942

URL Tags
http://secunia.com/advisories/19698 Vendor Advisory
http://secunia.com/advisories/19988 Vendor Advisory
http://secunia.com/advisories/20063 Vendor Advisory
http://secunia.com/advisories/20376 Vendor Advisory
http://secunia.com/advisories/21176 Vendor Advisory
http://secunia.com/advisories/21183 Vendor Advisory
http://secunia.com/advisories/21324 Vendor Advisory
http://secunia.com/advisories/22066 Vendor Advisory
http://securitytracker.com/id?1016202
http://www.debian.org/security/2006/dsa-1118
http://www.debian.org/security/2006/dsa-1120
http://www.debian.org/security/2006/dsa-1134
http://www.gavinsharp.com/tmp/ImageVuln.html Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-39.html Vendor Advisory
http://www.networksecurity.fi/advisories/netscape-view-image.html Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.osvdb.org/24713
http://www.securityfocus.com/archive/1/431267/100/0/threaded
http://www.securityfocus.com/archive/1/433138/100/0/threaded
http://www.securityfocus.com/archive/1/433539/30/5070/threaded
http://www.securityfocus.com/archive/1/435795/100/0/threaded
http://www.securityfocus.com/archive/1/446658/100/200/threaded
http://www.securityfocus.com/bid/18228
http://www.vupen.com/english/advisories/2006/2106 Vendor Advisory
http://www.vupen.com/english/advisories/2006/3748 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0083 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=334341
https://exchange.xforce.ibmcloud.com/vulnerabilities/25925
cvelogic Threat Intelligence