A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

A malicious page could have used the type attribute of an OBJECT tag t ...

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с некорректным кодированием или сокрытием выходных данных, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)

Important: thunderbird security update

Important: thunderbird security update

Important: firefox security update

ELSA-2025-18983: thunderbird security update (IMPORTANT)

ELSA-2025-18321: thunderbird security update (IMPORTANT)

ELSA-2025-18320: thunderbird security update (IMPORTANT)

ELSA-2025-18285: firefox security update (IMPORTANT)

ELSA-2025-18155: firefox security update (IMPORTANT)

ELSA-2025-18154: firefox security update (IMPORTANT)

Security update for MozillaFirefox

Security update for MozillaFirefox