VYPR
Unrated severityNVD Advisory· Published Oct 29, 2024· Updated Nov 3, 2025

CVE-2024-10461

CVE-2024-10461

Description

In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

39

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.