CVE-2021-29991
03.11.2021, 01:15
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox < 91.0.1 and Thunderbird < 91.0.1.
Vendor | Product | Version |
---|---|---|
mozilla | firefox | 𝑥 < 91.0.1 |
mozilla | thunderbird | 𝑥 < 91.0.1 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
firefox |
| ||||||||||||||||||||||
mozjs38 |
| ||||||||||||||||||||||
mozjs52 |
| ||||||||||||||||||||||
mozjs68 |
| ||||||||||||||||||||||
mozjs78 |
| ||||||||||||||||||||||
thunderbird |
|