Primary

Context

Mozilla Focus for iOS Content-Disposition Header Vulnerability Allowing XSS

Vulnerability

A vulnerability in Mozilla Focus for iOS versions prior to 142 allows the application to improperly handle Content-Disposition headers of type Attachment. Instead of treating the content as an attachment, the app displays it inline. This mismanagement could lead to Cross-Site Scripting (XSS) attacks.

Impact

Exploitation of this vulnerability could result in Cross-Site Scripting (XSS) attacks.

Remediation

Users can update to Mozilla Focus for iOS version 142 to address this vulnerability.

Added: Aug 19, 2025, 9:31 PM

Updated: Aug 19, 2025, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Focus for iOS Content-Disposition Header Vulnerability Allowing XSS

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating