===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2021.08.19.1500
Firefox and Thunderbird: Reduced security - Unknown/unspecified
19th August 2021
===========================================================================
Product: Firefox
Thunderbird
Publisher: Mozilla
Operating System: Windows
Linux variants
Impact/Access: Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-29991
Original Bulletin:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/
Mozilla Foundation Security Advisory 2021-37
Security Vulnerabilities fixed in Firefox 91.0.1 and Thunderbird 91.0.1
Announced: August 16, 2021
Impact: high
Products: Firefox, Thunderbird
Fixed in: Firefox 91.0.1
Thunderbird 91.0.1
# CVE-2021-29991: Header Splitting possible with HTTP/3 Responses
Reporter: Neal Poole
Impact: high
Description
Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as
two separate headers. This allowed for a header splitting attack against
servers using HTTP/3.
References
o Bug 1724896
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT