Описание
When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a <embed> or <object> tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-6430
- https://bugzilla.mozilla.org/show_bug.cgi?id=1971140
- https://www.mozilla.org/security/advisories/mfsa2025-51
- https://www.mozilla.org/security/advisories/mfsa2025-53
- https://www.mozilla.org/security/advisories/mfsa2025-54
- https://www.mozilla.org/security/advisories/mfsa2025-55
Связанные уязвимости
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
When a file download is specified via the `Content-Disposition` header ...
Уязвимость компонента HTTP Header Handler браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)