Posted March 6

Red Hat: CVE-2024-10461: firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (Multiple Advisories)

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 10/29/2024
Created: 11/05/2024
Added: 11/04/2024
Modified: 11/14/2024

Description

In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

Solution(s)

redhat-upgrade-firefox
redhat-upgrade-firefox-debuginfo
redhat-upgrade-firefox-debugsource
redhat-upgrade-firefox-x11
redhat-upgrade-thunderbird
redhat-upgrade-thunderbird-debuginfo
redhat-upgrade-thunderbird-debugsource

References

CVE-2024-10461
RHSA-2024:8720
RHSA-2024:8722
RHSA-2024:8726
RHSA-2024:8728
RHSA-2024:8729
RHSA-2024:8790
RHSA-2024:8793
RHSA-2024:9018
RHSA-2024:9552
RHSA-2024:9554