Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox HTML文档跨站攻击漏洞
Vulnerability Description
Firefox是非常流行的开源WEB浏览器。 Mozilla Firefox 3.5.10 之前的3.5.x版本和3.6.4之前的3.6.x版本的浏览器由于没有正确的处理HTTP头文件携带"Content-Disposition: attachment" 和 "Content-Type: multipart"的情况,远程攻击借可以借助上传HTML文档导致跨站脚本攻击,SeaMonkey 2.0.5 之前的版本的浏览器也存在此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A