Vulnerability in Mozilla Firefox
CVE-2024-10461
In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4…
EPSS: 0.009 (76.7th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions unspecified
- Mozilla Firefox Esr — versions unspecified
- Mozilla Thunderbird — versions unspecified