Ruby on Rails: XSS by MathML at Active Storage

In Active Storage, formats treated as binary have been confirmed, It does not contain application/mathml+xml. https://github.com/rails/rails/commit/d40284b1a44773b03d78ca67a888b94fd330d1b1 In Marcel::MimeType.for, if content-type can not be determined with magic byte, since it is determined using...

CVE-2016-1941

The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended...