|Mozilla Firefox 126.96.36.199 and possibly other versions before 188.8.131.52,
Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted
remote attackers to open local files via a web page with an IMG
element containing a SRC attribute with a non-image file:// URL, then
tricking the user into selecting View Image for the broken image, as
demonstrated using a .wma file to launch Windows Media Player, or by
referencing an "alternate web page."