Lucene search
SecurityvulnsSECURITYVULNS:DOC:24125HistoryJun 25, 2010 - 12:00 a.m.
Mozilla Foundation Security Advisory 2010-32
2010-06-2500:00:00
vulners.com
66
Mozilla Foundation Security Advisory 2010-32
Title: Content-Disposition: attachment ignored if Content-Type: multipart also present
Impact: Moderate
Announced: June 22, 2010
Reporter: Ilja van Sprundel
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.4
Firefox 3.5.10
SeaMonkey 2.0.5
Description
Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=537120
* CVE-2010-1197
Related
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:43:47
cve
cve
CVE-2010-1197
2010-06-24 12:30:00
mozilla
mozilla
prion
prion
Cross site scripting
2010-06-24 12:30:00
ubuntucve
ubuntucve
CVE-2010-1197
2010-06-24 00:00:00
openvas
openvas
RedHat Update for seamonkey RHSA-2010:0499-01
2010-06-28 00:00:00
nessus
nessus
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Debian DSA-2064-1 : xulrunner - several vulnerabilities
2010-06-29 00:00:00
SeaMonkey < 2.0.5 Multiple Vulnerabilities
2010-06-23 00:00:00
redhat
redhat
(RHSA-2010:0499) Critical: seamonkey security update
2010-06-22 00:00:00
(RHSA-2010:0501) Critical: firefox security, bug fix, and enhancement update
2010-06-22 00:00:00
(RHSA-2010:0544) Moderate: thunderbird security update
2010-07-20 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2010-06-22 00:00:00
thunderbird security update
2010-07-21 00:00:00
firefox security, bug fix, and enhancement update
2010-06-23 00:00:00
centos
centos
seamonkey security update
2010-07-21 19:15:00
firefox security update
2010-08-06 23:15:15
thunderbird security update
2010-08-06 23:32:55
debian
debian
[SECURITY] [DSA 2064-1] New xulrunner packages fix several vulnerabilities
2010-06-27 20:39:12
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:48:42
[Backports-security-announce] Security Update for xulrunner
2010-07-01 11:54:27
osv
osv
xulrunner - several vulnerabilities
2010-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: gnome-python2-extras-2.25.3-19.fc13
2010-06-24 16:31:49
[SECURITY] Fedora 13 Update: perl-Gtk2-MozEmbed-0.08-6.fc13.14
2010-06-24 16:31:49
[SECURITY] Fedora 13 Update: firefox-3.6.4-1.fc13
2010-06-24 16:31:49
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2010-06-29 00:00:00
Firefox regression
2010-06-30 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2010-06-25 00:00:00
suse
suse
remote code execution in MozillaFirefox,mozilla-xulrunner191
2010-07-09 14:53:59
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-06-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
Related for SECURITYVULNS:DOC:24125