Download dialog spoofing using Content-Disposition header — Mozilla

Andreas Sandblad of Secunia Research demonstrated a method to spoof the download dialog for saving files by supplying a Content-Disposition header with a different extension than the extension visible in the link and download dialog. Users could be tricked into downloading a safe-looking file suc...