CVE-2025-55030

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS 142...

CVE-2025-55030

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142...

CVE-2025-55030

CVE-2025-55030 concerns Firefox for iOS where a mis-handling of the Content-Disposition header (Attachment) allows inline content display and potential XSS. Affected: Firefox for iOS versions prior to 142. Root cause: improper handling of the Content-Disposition header for certain MIME types. Imp...

Security Vulnerabilities fixed in Firefox for iOS 142 — Mozilla

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some...

As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis

h3. Problem Definition As a Confluence Administrator, I would like to configure the 'Attachment Download Security Policy' on a per space basis. At the moment, the setting is applied at a global basis, which does not work if you want attachments to be downloaded/displayed inline depending on the...

Whitelist or blacklist for inline attachment display

Currently, there are three Attachment Download Security Policy: Default Insecure Secure !sample.png! It would be helpful if there is an extra option which allow the administrator to control the type of attachment which can be displayed inline...