28 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-10461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting (XSS) attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting (XSS) attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting (XSS) attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting (XSS) attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting (XSS) attacks...
CVE-2024-10461
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2024-10461
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
HTTP Response Splitting
perl is vulnerable to HTTP response splitting. The vulnerability exists as it was found that the Perl CGI module used a hard-coded value for the MIME boundary string in multipart/x-mixed-replace content. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack v...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2018-10239)
Mozilla Firefox is a free and open source browser for Windows, Linux and MacOSX platforms. A cross-site scripting vulnerability exists in Mozilla Firefox. The vulnerability arises because the Content Security Policy (CSP) is not properly applied to all parts of multipart content sen...
USN-2936-2: Oxygen-GTK3 update
USN-2936-1 fixed vulnerabilities in Firefox. The update caused Firefox to crash on startup with the Oxygen GTK theme due to a pre-existing bug in the Oxygen-GTK3 theme engine. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler, Tyson...
CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type...
Design/Logic Flaw
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type...
CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type...
CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type...
CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2016-39 Miscellaneous memory safety hazards rv:46.0 / rv:45.1 / rv:38.8 MFSA 2016-42 Use-after-free and buffer overflow in Service Workers MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets MFSA 2016-45 CSP not applied to pages sent with...
MozillaThunderbird: Update to Thunderbird 3.1.11 (important)
Mozilla Thunderbird was updated to the 3.1.11 release. It has new features, fixes lots of bugs, and also fixes the following security issues: MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 CVE-2011-2365 Miscellaneous memory safety hazards MFSA 2011-20/CVE-2011-2373 bmo617247 Use-after-fre...
CVE-2011-2377
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image...
Memory corruption
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image...