AVG-2301 log

Package firefox
Status Fixed
Severity High
Type url request injection
Affected 91.0-1
Fixed 91.0.1-1
Current 102.0-1 [extra]
Ticket None
Created Sun Aug 22 11:13:23 2021
Issue Severity Remote Type Description
CVE-2021-29991 High Yes Url request injection
Firefox and Thunderbird before version 91.0.1 incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for...