CVE-2021-29991 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Url request injection |
| Description | Firefox and Thunderbird before version 91.0.1 incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2301 | firefox | 91.0-1 | 91.0.1-1 | High | Fixed | |
| AVG-2291 | thunderbird | 78.14.0-1 | 91.1.0-1 | High | Fixed |
| References |
|---|
https://www.mozilla.org/security/advisories/mfsa2021-37/ https://bugzilla.mozilla.org/show_bug.cgi?id=1724896 |