Mozilla Foundation Security Advisory 2008-09

Mishandling of locally-saved plain text files

Announced
February 7, 2008
Reporter
oo.rio.oo
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 2.0.0.12
  • SeaMonkey 1.1.8

Description

Mozilla contributor oo.rio.oo demonstrated that once a file with Content-Disposition: attachment and (improper) Content-Type: plain/text is saved locally, the browser would no longer open local files with .txt extensions for viewing, but would rather prompt the user to save the file.

References