When a file download is specified via the Content-Disposition
header, that directive would be ignored if the file was included via a <embed>
or <object>
tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.