CVE Published: 29/10/2024 |
CVE Updated: 29/10/2024 |
CVE Year: 2024 Source: mozilla |
Vendor: Mozilla |
Product: Firefox Status : PUBLISHED
CVE-2024-10461 Description
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.