SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4150-1 advisory. - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:4150-1 Rating: important References: 1182863 1189547 1190244 1190269 1191332 1192250 1193485 Cross-References: CVE-2021-29981 CVE-2021-29982 CVE-2021-29987 CVE-2021-29991 CVE-2021-32810 CVE-2021-384...

Mozilla Firefox Security Advisory (MFSA2021-37) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-37. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

Code injection

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

CVE-2021-29991

Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox 91.0.1 and Thunderbird 91.0.1...

CVE-2021-29991

CVE-2021-29991 affects Mozilla Firefox and Mozilla Thunderbird. The issue arises when Firefox incorrectly accepts a newline in an HTTP/3 header, treating it as two separate headers, enabling a header-splitting scenario for servers using HTTP/3. Affected versions are Firefox < 91.0.1 and Thunde...

openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:1367-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1367-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable...

SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3451-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3451-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitab...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2021:3331-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3331-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially...

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2021:14821-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14821-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2021:3191-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3191-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potential...

Security fix for the ALT Linux 10 package firefox-esr version 91.0.1-alt1

Sept. 4, 2021 Andrey Cherepanov 91.0.1-alt1 - New ESR version. - Security fixes: + CVE-2021-29991: Header Splitting possible with HTTP/3 Responses + CVE-2021-29981: Live range splitting could have led to conflicting assignments in the JIT + CVE-2021-29983: Firefox for Android could get stuck in...

Fedora 34 : firefox (2021-74b76e593a)

The remote Fedora 34 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-74b76e593a advisory. - Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against...

Header Splitting Attack

firefox:sid is vulnerable to header splitting attack. Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers, allowing a header splitting attack against servers using HTTP/3...

USN-5047-1: Firefox vulnerability

It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a specially crafted website, an attacker could exploit this to conduct header splitting attacks...

USN-5047-1 firefox vulnerability

It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a specially crafted website, an attacker could exploit this to conduct header splitting attacks...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerability (USN-5047-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5047-1 advisory. It was discovered that Firefox could be made to incorrectly accept newlines in HTTP/3 response headers. If a user were tricked into opening a speciall...