SUSE CVE-2009-1306
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a...
CVE-2022-30470
In Afian Filerun 20220202, changing the "searchtikapath" variable to a custom and previously uploaded jar file results in remote code execution in the context of the webserver user...
CVE-2020-14008
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution...
jar: scheme ignores the content-disposition: header on the inner URI
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a...