

Additional information

  Multiple security vulnerabilities in Mozilla Firefox / Seamonkey

  ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

  Mozilla Foundation Security Advisory 2010-33

  Mozilla Foundation Security Advisory 2010-31

  Mozilla Foundation Security Advisory 2010-30

From: MOZILLA
Date: June 25, 2010
Subject: Mozilla Foundation Security Advisory 2010-32

Mozilla Foundation Security Advisory 2010-32

Title: Content-Disposition: attachment ignored if Content-Type: multipart also present
Impact: Moderate
Announced: June 22, 2010
Reporter: Ilja van Sprundel
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.4
          Firefox 3.5.10
          SeaMonkey 2.0.5

Description

Security researcher Ilja van Sprundel of IOActive reported that the Content-Disposition: attachment HTTP header was ignored when Content-Type: multipart was also present. This issue could potentially lead to XSS problems in sites that allow users to upload arbitrary files and specify a Content-Type but rely on Content-Disposition: attachment to prevent the content from being displayed inline.

References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=537120
   * CVE-2010-1197
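
For sites of the kind the advisory describes (user uploads with an uploader-chosen Content-Type), a server-side check can avoid depending on Content-Disposition: attachment alone. The following is an added example, not part of the Mozilla advisory or any Mozilla code; the function names, the allowlist and the sample values are assumptions made for illustration.

```python
import re

# Constructed allowlist for this example: types the site agrees to echo back.
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf", "text/plain"}
FALLBACK_TYPE = "application/octet-stream"
_TYPE_RE = re.compile(r"^[a-z0-9!#$&^_.+-]+/[a-z0-9!#$&^_.+-]+$")


def normalize_declared_type(declared):
    """Return the bare lowercase type/subtype, or None if the value is malformed."""
    if not declared or any(c in declared for c in "\r\n\0"):
        return None  # empty value or header-injection attempt
    # Drop parameters such as boundary= or charset= before comparing.
    media_type = declared.split(";", 1)[0].strip().lower()
    return media_type if _TYPE_RE.match(media_type) else None


def download_headers(filename, declared_type):
    """Build response headers for serving a user-uploaded file as a download."""
    media_type = normalize_declared_type(declared_type)
    # multipart/* is the case from the advisory; it is checked explicitly so it
    # stays blocked even if the allowlist is later widened.
    if (media_type is None
            or media_type.startswith("multipart/")
            or media_type not in ALLOWED_TYPES):
        media_type = FALLBACK_TYPE
    # Keep only the last path component and a conservative character set.
    base = re.split(r"[\\/]", filename or "")[-1]
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"
    return {
        "Content-Type": media_type,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",  # defense in depth against sniffing
    }


if __name__ == "__main__":
    # Constructed sample uploads: (filename, Content-Type declared by the uploader)
    samples = [
        ("photo.png", "image/png"),
        ("page.bin", "multipart/x-mixed-replace; boundary=abc"),
        ("note.html", "text/html"),
    ]
    for name, declared in samples:
        print(name, declared, "->", download_headers(name, declared))
```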
