Content-Disposition: attachment ignored if Content-Type: multipart also present

2010-06-22T00:00:00
ID MFSA2010-32
Type mozilla
Reporter Mozilla Foundation
Modified 2010-06-22T00:00:00

Description

Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline.