When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

When handling the filename directive in the Content-Disposition header ...

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

Уязвимость браузеров Mozilla Firefox, Focus for Android, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с неправильной обработкой директивы заголовка Content-Disposition, позволяющая нарушителю обойти ограничения безопасности и загрузить произвольные файлы

ELSA-2023-1791: firefox security update (IMPORTANT)

ELSA-2023-1787: firefox security update (IMPORTANT)

ELSA-2023-1786: firefox security update (IMPORTANT)

Important: thunderbird security update

Important: thunderbird security update

ELSA-2023-1809: thunderbird security update (IMPORTANT)

ELSA-2023-1806: thunderbird security update (IMPORTANT)

ELSA-2023-1802: thunderbird security update (IMPORTANT)

Security update for MozillaFirefox

Security update for MozillaFirefox

Security update for MozillaFirefox

Множественные уязвимости firefox

Множественные уязвимости thunderbird

Security update for MozillaThunderbird