Primary

Context

Mozilla Firefox for iOS Content-Disposition Header Handling Vulnerability Allowing XSS

Vulnerability

A vulnerability exists in Firefox for iOS versions prior to 142, where the browser fails to properly handle Content-Disposition headers of type 'Attachment'. Instead of downloading the content, it displays it inline. This mismanagement could potentially lead to Cross-Site Scripting (XSS) attacks.

Impact

Exploitation of this vulnerability could allow for Cross-Site Scripting (XSS) attacks.

Remediation

Users can upgrade to Firefox for iOS version 142 or later to address this vulnerability.

Added: Aug 19, 2025, 9:33 PM

Updated: Aug 19, 2025, 9:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox for iOS Content-Disposition Header Handling Vulnerability Allowing XSS

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating