CVE-2024-10461 Information

Description

In multipart/x-mixed-replace responses Content-Disposition: attachment in the response header was not respected and did not force a download which could allow XSS attacks. This vulnerability affects Firefox < 132 Firefox ESR < 128.4 Thunderbird < 128.4 and Thunderbird < 132.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1914521 https://www.mozilla.org/security/advisories/mfsa2024-55/ https://www.mozilla.org/security/advisories/mfsa2024-56/ https://www.mozilla.org/security/advisories/mfsa2024-58/ https://www.mozilla.org/security/advisories/mfsa2024-59/