Mozilla Foundation Security Advisory 2008-09
Title: Mishandling of locally-saved plain text files
Impact: Low
Announced: February 7, 2008
Reporter: oo.rio.oo
Products: Firefox, SeaMonkey
Fixed in: Firefox 2.0.0.12
SeaMonkey 1.1.8
Description
Mozilla contributor oo.rio.oo demonstrated that once a file with Content-Disposition: attachment and (improper) Content-Type: plain/text is saved locally, the browser would no longer open local files with .txt extensions for viewing, but would rather prompt the user to save the file.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=387258
* CVE-2008-0592