11 matches found
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
CVE-2019-19916
In Midori Browser 0.5.11 on Windows 10, Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting XSS and other...
CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy CSP protection mechanism via the multipart/x-mixed-replace content type...
UBUNTU-CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy CSP protection mechanism via the multipart/x-mixed-replace content type...