Security Advisory

CVE-2021-29991

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-03 00:04:17
Last updated 2024-08-03 22:24:59
Assigner mozilla
State PUBLISHED

Description

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.