When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | firefox-esr | < 102.10.0-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | firefox-esr | < 102.10.0-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | firefox-esr | < 102.10.0-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | firefox-esr | < 102.10.0-r0 | UNKNOWN |