CVE-2024-10461
29.10.2024, 13:15
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 128.4.0 |
| mozilla | firefox | 𝑥 < 132.0 |
| mozilla | thunderbird | 𝑥 < 128.4.0 |
| mozilla | thunderbird | 129.0 ≤ 𝑥 < 132.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| firefox-esr |
| ||||||||||||
| thunderbird |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| mozjs102 |
| ||||||||||||
| mozjs115 |
| ||||||||||||
| mozjs38 |
| ||||||||||||
| mozjs52 |
| ||||||||||||
| mozjs68 |
| ||||||||||||
| mozjs78 |
| ||||||||||||
| mozjs91 |
| ||||||||||||
| thunderbird |
|