When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | firefox-esr | < 78.10.0-r0 | UNKNOWN |
Alpine | edge-community | noarch | firefox | < 88.0-r0 | UNKNOWN |
Alpine | edge-community | noarch | thunderbird | < 91.3.2-r0 | UNKNOWN |
Alpine | 3.12-community | noarch | firefox-esr | < 78.10.0-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | firefox-esr | < 78.10.0-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | firefox | < 88.0-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | firefox-esr | < 78.10.0-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | firefox | < 88.0-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | firefox-esr | < 78.10.0-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | firefox | < 88.0-r0 | UNKNOWN |