CVE-2010-1197
Description
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mozilla Firefox and SeaMonkey mishandle Content-Disposition: attachment with multipart Content-Type, enabling XSS via an uploaded HTML document.
Vulnerability
Mozilla Firefox versions 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, contain a cross-site scripting (XSS) vulnerability in how they process HTTP responses that include both a Content-Disposition: attachment header and a Content-Type: multipart header. Under this condition, the browser may render the content inline instead of triggering a download, allowing an attacker's uploaded HTML document (e.g., from a file upload form) to execute script in the context of the hosting site [1][2].
Exploitation
An attacker must first have the ability to upload an HTML document to a target web server that returns Content-Disposition: attachment in combination with Content-Type: multipart (often produced automatically by some server-side logic). When a victim visits the crafted URL, the browser fails to force a download and instead renders the uploaded HTML, whose embedded script runs in the origin's security context. No additional user interaction beyond navigating to the URL is required [2].
Impact
Successful exploitation allows an attacker to execute arbitrary script in the victim's browser within the trust relationship of the vulnerable website. This can lead to session hijacking, data exfiltration, or other actions achievable through XSS, bypassing the protection that Content-Disposition: attachment was intended to provide [2].
Mitigation
Mozilla addressed this vulnerability in Firefox 3.5.10, Firefox 3.6.4, and SeaMonkey 2.0.5, released in June 2010. Users should upgrade to these or later versions. Red Hat and Ubuntu issued updates as part of their security advisories (RHSA-2010:0499/RHSA-2010:0500 and USN-930-1) [1][2][3][4]. No workaround is available aside from applying the vendor patch.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
62cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
- (no CPE)range: >=3.5, <3.5.10; >=3.6, <3.6.4
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 46 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=2.0.4
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- (no CPE)range: <2.0.5
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
27- www.mozilla.org/security/announce/2010/mfsa2010-32.htmlnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.htmlnvd
- secunia.com/advisories/40326nvd
- secunia.com/advisories/40401nvd
- secunia.com/advisories/40481nvd
- support.avaya.com/css/P8/documents/100091069nvd
- ubuntu.com/usn/usn-930-1nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2010-0499.htmlnvd
- www.redhat.com/support/errata/RHSA-2010-0500.htmlnvd
- www.redhat.com/support/errata/RHSA-2010-0501.htmlnvd
- www.securityfocus.com/bid/41050nvd
- www.securityfocus.com/bid/41103nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-930-2nvd
- www.vupen.com/english/advisories/2010/1551nvd
- www.vupen.com/english/advisories/2010/1556nvd
- www.vupen.com/english/advisories/2010/1557nvd
- www.vupen.com/english/advisories/2010/1592nvd
- www.vupen.com/english/advisories/2010/1640nvd
- www.vupen.com/english/advisories/2010/1773nvd
- bugzilla.mozilla.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/59667nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186nvd
News mentions
0No linked articles in our index yet.