mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 18:27:17 +00:00
1.4 KiB
1.4 KiB
CVE-2023-29539
Description
When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
POC
Reference
No PoCs from references.